Self-access management

IBM Security Identity Manager allows users and administrators the ability to request and manage access to resources such as shared folders, email groups, or applications.

Access differs from an account. An account exists as an object on a managed service. An access is an entitlement to use a resource, such as a shared folder, on the managed service. The ability to access a resource is based on the attributes of the group to which the user account belongs. The user's access to a resource is therefore dependent on the account and its group mapping. When an account is suspended, their access becomes inactive; similarly, when an account is restored, their access becomes active again. When an account is deleted, access to the resource for that user is deleted. When a group is removed from the service, the user access that maps to that group is also removed.

An administrator typically configures the access to resources on a service based on the need for a particular user group. Users can request or delete access. They can manage access to the resources they use without the need to understand the underlying technology such as account attributes.

Parent topic: Features overview