Predefined groups, views, and access control items
IBM Security Identity Manager provides predefined groups. The groups are associated with views and access control items. The following user interfaces, or consoles, are available:
- Self-service console for all users, for self-care activities such as changing personal profile information, for example a telephone number.
- Identity Service Center for all users, for self-care activities such as changing personal profile information and requesting access.
- Administrative console, for selected users who belong to one or more groups that enable a range of administrative tasks.
An IBM Security Identity Manager user with no other group membership has a basic privilege to use ISIM. This set of users needs only the self-service console or the Identity Service Center for self-care capabilities. These users are not in a labeled "group" such as the Help Desk Assistant group.
The predefined groups are associated with predefined views and access control items, which control what members can see and do.
The predefined groups are:
- Administrator
  - The administrator group has no limits set by default views or access control items and can access all views and do all operations in ISIM. The first system administrator user is named "itim manager".
- Auditor
  - Members of the auditor group can request reports for audit purposes.
- Help Desk Assistant
  - Members of the Help Desk Assistant group can request, change, suspend, restore, and delete accounts. Members can request, change, and delete access, and also can reset passwords, profiles, and accounts of others. Additionally, members can delegate activities for a user.
- Manager
  - Members of the Manager group are users who manage the accounts, profiles, and passwords of their direct subordinates.
- Service Owner
  - Members of the Service Owner group manage a service, including the user accounts and requests for that service.