System-defined operations

IBM Security Identity Manager includes a set of system-defined operations that implement the features of the system.

The system-defined operations are specific to the entity types. Although we can customize these operations, we cannot change the input parameter definitions, the type of operation (static or non-static), or the name of the operation. Click Configure System > Manage Operations to access these operations in the ISIM console.

If we directly customize a system-defined operation of an entity type, we cannot delete it and later restore the default operation. Deleting a system-defined operation for an entity type is not allowed. We must manually remove the customization.

Operations defined for entities override operations defined for entity types. If an operation with the same name exists for both an entity and an entity type, the entity operation is the operation that is started by the operation workflow. Because system-defined operations implement the base business processes for Security Identity Manager, exercise caution when customizing these workflows.

For example, if we have specific business process requirements, create a user-defined operation by overriding the system-defined entity type operations. The system-defined delete operation for the Account entity type deprovisions the account and permanently removes the user data from the remote system. To prevent the loss of that user data on AIX systems, create a delete operation for AIX accounts that sends a request to the service owner of the AIX systems. The request asks them to specify whether to suspend the account or go ahead and deprovision the account. This user-defined entity operation is specific to AIX accounts. All other accounts are still managed by the system-defined entity type operation, which deprovisions the account and removes the user data from the remote system.

When we customize an entity type operation for a specific entity, a copy of the system-defined entity type operation is created. We do not change the system-defined entity type operation. To return to the system-defined entity type definition, delete the entity operation that we created.

Security Identity Manager provides the following system-defined entity types:

Global
Specifies all entity types (Account, Business Partner Person, Person).

Account
Specifies all account types, such as Security Identity Manager user accounts, Linux accounts, or ISIM accounts.

Business Partner Person
Specifies all business partner user types, including the default business partner entity and any custom business partner entities.

Person
Specifies all person types, including the default Person entity and any custom Person entities.

For the Person and Business Partner Person entity types, Security Identity Manager provides the following system-defined operations:

| Operation | Description | Type |
| --- | --- | --- |
| add | Creates a user in ISIM and enforces the policy on the new user. | Static |
| delete | Deletes a user from Identity Manager. | Nonstatic |
| modify | Modifies a user’s attributes and enforces policy on the updated user. | Nonstatic |
| restore | Restores an inactive user. | Nonstatic |
| selfRegister | Creates a user in Identity Manager and enforces policy on the new user. | Static |
| suspend | Suspends an active user. | Nonstatic |
| transfer | Transfers a user from one business unit to another and then enforces policy when the transfer is complete. | Nonstatic |

For the Account entity type, Security Identity Manager provides the following system-defined operations:

| Operation | Description | Type |
| --- | --- | --- |
| add | Creates an account. | Static |
| changePassword | Changes the password for an account. | Nonstatic |
| delete | Deprovisions an account. | Nonstatic |
| modify | Modifies an account. | Static |
| restore | Restores an inactive account. | Nonstatic |
| suspend | Suspends an active account. | Nonstatic |
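
The override and restore rules described above can be modeled in a few lines, which helps when reviewing which workflow actually runs for a given account type. This is an added example, not IBM code or an ISIM API: the class and method names, the entity names `AIXAccount` and `LinuxAccount`, and the workflow labels are all constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Operation:
    name: str
    static: bool                  # Static / Nonstatic, as in the tables above
    workflow: str                 # constructed label standing in for the workflow
    system_defined: bool = False

class OperationRegistry:
    """Illustrative model only; not an ISIM API."""
    def __init__(self):
        self._type_ops = {}       # (entity_type, name) -> Operation
        self._entity_ops = {}     # (entity_type, entity, name) -> Operation

    def define_system(self, entity_type, name, static, workflow):
        self._type_ops[(entity_type, name)] = Operation(name, static, workflow, True)

    def customize_for_entity(self, entity_type, entity, name, workflow):
        # Work on a copy: name and static flag are inherited and cannot change,
        # and the system-defined entity type operation is left untouched.
        base = self._type_ops[(entity_type, name)]
        op = replace(base, workflow=workflow, system_defined=False)
        self._entity_ops[(entity_type, entity, name)] = op
        return op

    def delete_entity_operation(self, entity_type, entity, name):
        # Removing the entity operation returns that entity to the default.
        del self._entity_ops[(entity_type, entity, name)]

    def delete_type_operation(self, entity_type, name):
        if self._type_ops[(entity_type, name)].system_defined:
            raise PermissionError("system-defined operations cannot be deleted")
        del self._type_ops[(entity_type, name)]

    def resolve(self, entity_type, entity, name):
        # An entity operation overrides the entity type operation of the same name.
        key = (entity_type, entity, name)
        return self._entity_ops.get(key) or self._type_ops[(entity_type, name)]

def build_registry():
    reg = OperationRegistry()
    reg.define_system("Account", "delete", static=False, workflow="deprovision")
    reg.customize_for_entity("Account", "AIXAccount", "delete",
                             workflow="ask-service-owner")
    return reg

if __name__ == "__main__":
    reg = build_registry()
    for entity in ("AIXAccount", "LinuxAccount"):
        print(entity, "->", reg.resolve("Account", entity, "delete").workflow)
```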
