CA ACF2

Expand all | Collapse all

role based access control in ACF2

  • 1.  role based access control in ACF2

    Posted 11-21-2016 08:16 AM

    Hello,

     

    We're implementing an identity management software in our company (IIQ) that connects to several platforms (AD, MF (ACF2), etc...). That product works with roles. A logonid there may have several roles assigned to him.
    Our ACF2 setup is currently UID based. We are using multi valued UID strings. A logonid may have up to 5 UID's in our case.
    I know of the existence of X-ROL records in ACF2 and how that works. I also had a meeting with CA on their implementation of role based access control in ACF2. But I was wondering if anyone has performed a migration from UID based accesses to X-ROL records and is willing to share his experiences here (or just has something to say on implementing role based access control in an ACF2 environment):

     

    • Did you perform a complete migration (all UID accesses translated to ROLE accesses) ? If not, why ?
    • How did you migrate (rulesets cannot have both UID rules and role rules at the same time which makes it hard to migrate).
    • Any tooling that might be handy here ? (EKC has some tools available, CA too, others ?). Any experiences with them ?
    • How many roles are logonids typically in ? Did you notice any change in performance / cpu consumption ? I suppose it makes a difference if a role is first in the validation list of a logonid or if it's placed further up.
    • Any other attention points ?

     

    Regards,
    Hans.



  • 2.  Re: role based access control in ACF2

    Posted 02-07-2019 03:17 PM

    Hans,

     

    We Just completed a conversion from UID to role based access. I know maybe a few years too late, but if you would like to compare notes, let me know.



  • 3.  Re: role based access control in ACF2

    Posted 02-08-2019 11:13 AM

    Hello,

     

    Thank you for your reaction. A colleague of mine is working on it now, and I've relayed your update to him.

     

    Regards,

    Hans.