Roles for the Real World
Novell Identity Manager 4 Takes a Giant Step Toward Practical Role-Based Resource Management with Role Mapping Administrator
Written by Bill Tobey
Using Role Mapping Administrator
In the Role Mapping administrator interface, the left pane displays all the roles that have been defined for this organization in Novell Identity Manager. (See Figure 1.) In this view we see a resource assignment change in progress. Because the Accounting role has been selected, the center pane displays all the resources currently provisioned to this role, as well as the resources available for assignment, which are shown in the right-hand pane. In this view, the right column shows the authorizations available within an instance of Active Directory. The current user—a finance manager responsible for a new acquisition merger—has selected a workgroup mailing list for the merger team, and is dragging it onto the center pane, adding it to the resource assignments for the Accounting role.
Before the change is applied, Role Mapping Administrator provides a confirmation prompt, and offers the user an opportunity to annotate the change. (See Figure 2.) Once this assignment is confirmed, all members of the Accounting role will automatically be added to the mailing list.
Access to applications can be assigned just as simply. Role Mapping Administrator can call up and display the available authorizations for any IT system for which there is an Identity Manager connector. (See Figure 3.)
With the available application authorizations now loaded and displayed in the right-hand column, our finance manager now selects an authorization to access the merger accounts in Oracle Financials. (See Figure 4.) She is about to map that permission to the Accounting role, and it currently appears as a pending assignment in the center pane.
When this change is confirmed, Novell Identity Manager 4 Advanced Edition will automatically create the required user accounts behind the scenes. The mailing list and the accounting application will be added to the resource set that is automatically provisioned to anyone joining the Accounting role and automatically de-provisioned from anyone transitioning out of the Accounting function.
Three months from now when the merger project has been completed, removing these authorizations from the Accounting role will be just as quick and easy. The finance manager will simply sign in to Role Mapping Administrator, select the Accounting role, highlight the resources to be de-provisioned in the center column, click Remove, and then Apply. Novell Identity Manager 4 Advanced Edition will do the rest.
Role Mapping Administrator also makes it easy to track which authorizations are currently in use and by which roles. Selecting an application in the right pane and clicking View References in the menu above displays a list of all the roles to which that application has been provisioned. (See Figure 5.)
Provisioning Power to the Business People
With most of the role-based resource management solutions in use today, changes like the ones described above still require custom code development, excessive expense and frustrating delay. The entire process of defining the necessary changes, documenting requirements, outsourcing development, then testing and validating the resulting code often delay essential new resource authorizations by days, weeks, a month or more.
With Role Mapping Administrator the entire process can be completed by a line-of-business analyst in a matter of minutes, using a simple, intuitive visual tool. It’s a powerful innovation that can reduce the labor, time and cost requirements of role-based resource management by an order of magnitude. More importantly, it puts the power to quickly and efficiently provision IT resources to important new business initiatives exactly where it belongs—in the hands of business-side managers.
To learn more about Novell Identity Manager 4 Advanced Edition and Role Mapping Administrator, visit the product site at www.novell.com/products/identitymanager/. You’ll find a flash version of the demo above at www.novell.com/media/content/idm4-role-mapping-administrator.html.