6.6 Creating an Entitlements Service Driver Object

Before you can create Entitlement policies, you need an Entitlements Service Driver object. You must create one for each driver set.

If you don’t have an object, you are prompted to create one when you click the Role-Based Entitlements role and task.

  1. Find out whether you already have an Entitlements Service driver.

    In iManager, click Role-Based Entitlements > Role-Based Entitlements, then select the driver set.

    • If the No Entitlements Service Driver page appears, continue with Step 2 to create an Entitlements Service Driver object.

    • If a Role-Based Entitlements page appears with a list of Entitlement Policies, you already have an Entitlements Service Driver object. You don’t need to complete this procedure. Continue with Section 6.7, Creating Entitlement Policies.

  2. In the No Entitlements Service Driver page, click Yes.

    The Create Driver Wizard opens.

    You can also click DirXML Utilities > Import Drivers.

  3. In the Create Driver Wizard page, select In an Existing Driver Set, then click Next.

  4. In the Import a Driver Configuration from the Server (.XML file) drop-down list, select Entitlement.xml.

  5. Name the Entitlements Service Driver object (or accept the default name), then click Next.

    The correct driver configuration file is chosen automatically. Just specify a name for the driver object or use the default.

  6. We recommend that you define security equivalences and exclude administrative roles. Add user Admin to both of these selections, then click Next.

  7. Review the summary, then click Finish.

    The driver shim for the Entitlements Driver is installed by default when you install Identity Manager. The Entitlements Driver configuration file is installed by default when you install the Identity Manager plug-ins on your iManager server.

    After completing the Wizard, you can access the plug-ins for Entitlements and begin creating Role-Based Entitlement Policies for this driver set.

IMPORTANT: If the driver set that hosts the Entitlement Services driver is assigned to more than one server, the Entitlement Services driver must be enabled on only one of those servers at a time. No other configuration is supported.

Although you can add more than one server to the driver set containing the Entitlement Services driver in iManager, the Role-Based Entitlements plug-in in iManager checks whether the driver set is assigned to multiple servers and displays a configuration error message if it is. Other methods (LDAP calls, etc.) won’t give you such configuration error messages, but the only supported configuration is to associate the Entitlements Services driver with one server.