Static and dynamic roles
IBM Security Identity Manager provides static and dynamic roles.
With static organizational roles, assigning a person to a static role is a manual process.
With dynamic roles, the scope of access can be an organizational unit and its subunits. Dynamic organizational roles use LDAP filters to set a user's membership in a specific role. For example, an LDAP filter that provide access to specific resources to users who are members of an auditing department named audit123. For example, type:
(departmentnumber=audit123)
Dynamic organizational roles are evaluated...
- when a new user is created in the ISIM system
- when a user's information, such as title or department membership, changes
- when a new dynamic organizational role is created
Parent topic: Role planning