Initial security conditions after installation

Initial security conditions after installation

The initial security conditions of predefined groups, views, and access control items require additional steps to grant and manage user access to resources. Initial conditions and first planning steps for security that administrators might take after installing IBM Security Identity Manager.

Topic Initial condition Implementation steps

Groups Default groups initially have no members except the System Administrator group, which contains one user named itim manager. Specify another system administrator to ensure that we do not accidentally lose access to ISIM. Assign individuals to default groups. Create custom groups, related views, and access control items.

Group settings in security properties The check box to automatically populate ISIM groups is disabled. Optionally specify the option to automatically populate ISIM groups, If we feed identity records into ISIM, manually populate members into predefined groups.

Views Default groups have a set of permitted tasks that members can use. Specify the view for the user's own accounts and information, and other tasks in the user interface.

Access control items Initially, all users have read access to their personal profiles. Other default access control items apply, for example, to the owner of a service and the manager of a subordinate. Specify one or more access control items that restrict or expand access. Expand or restrict access that enables users to modify fields in a personal profile. Select users to manage delegation schedules.

Forms Initially, forms contain a set of attributes for each available category. The set of attributes can be configured with the form designer. Customize the forms with the form designer to reflect the attributes that need to appear or be hidden on the form. What attributes are required in the business environment to appear on the form for each category? If we customize groups, views, and related access control items after initial installation, we might also want to show or hide some fields. The fields match the expanded or limited permissions you specified during customization.

Topic	Initial condition	Implementation steps
Groups	Default groups initially have no members except the System Administrator group, which contains one user named itim manager.	Specify another system administrator to ensure that we do not accidentally lose access to ISIM. Assign individuals to default groups. Create custom groups, related views, and access control items.
Group settings in security properties	The check box to automatically populate ISIM groups is disabled.	Optionally specify the option to automatically populate ISIM groups, If we feed identity records into ISIM, manually populate members into predefined groups.
Views	Default groups have a set of permitted tasks that members can use.	Specify the view for the user's own accounts and information, and other tasks in the user interface.
Access control items	Initially, all users have read access to their personal profiles. Other default access control items apply, for example, to the owner of a service and the manager of a subordinate.	Specify one or more access control items that restrict or expand access. Expand or restrict access that enables users to modify fields in a personal profile. Select users to manage delegation schedules.
Forms	Initially, forms contain a set of attributes for each available category. The set of attributes can be configured with the form designer.	Customize the forms with the form designer to reflect the attributes that need to appear or be hidden on the form. What attributes are required in the business environment to appear on the form for each category? If we customize groups, views, and related access control items after initial installation, we might also want to show or hide some fields. The fields match the expanded or limited permissions you specified during customization.