Static and dynamic roles

Static and dynamic roles

IBM Security Identity Manager provides static and dynamic roles.

In static organizational roles, assigning a person to a static role is a manual process.
In the case of a dynamic role, the scope of access can be to an organizational unit only or to the organizational unit and its subunits. Dynamic organizational roles use valid LDAP filters to set a user's membership in a specific role. For example, a dynamic role might use an LDAP filter to provide access to specific resources to users who are members of an auditing department named audit123. For example, type:
(departmentnumber=audit123)
Dynamic organizational roles are evaluated at the following times:

When a new user is created in the ISIM system
When a user's information, such as title or department membership, changes
When a new dynamic organizational role is created

Parent topic: Features overview