Layer7 Identity Management


Supervisor Login

  • 1.  Supervisor Login

    Posted 06-28-2016 07:54 AM

    Hi All,


    We have a requirement according to which, when a user logs into CA IDM, he/she should be able to view/modify details of his/her direct reports.




  • 2.  Re: Supervisor Login

    Posted 06-28-2016 08:51 AM

    Hi Vasu,


    This specific use case should be managed using "Delegated Administration".

    Delegated Administration - CA Identity Manager - 12.6.8 - CA Technologies Documentation


    Regards, Roberto

  • 3.  Re: Supervisor Login
    Best Answer

    Posted 06-28-2016 11:33 AM

    The requirement isn't too clear, but to me it doesn't sound like delegated administration. It sounds more like you need business managers to be members of an administrative role that will allow them the scope to view and modify the employees or users in their business scope. If that is the case, then you will need to work out an administration model and assign the proper admin roles to these managers and scope them correctly as need be.



  • 4.  Re: Supervisor Login

    Posted 06-30-2016 04:40 AM

    Hi Vasu


    The "manager" attribute for each direct report should be populated with the unique id of the manager in the IM user store. Make sure that you only store the unique id, and not the full DN of the manager.

    Then set up an admin role for "Supervisor" (or whatever you want to call it) and give it the tasks to modify users. Scope the role membership as per screenshot (in this example, the unique id is called "PRID" - by default it is called "User ID") so that the member can only manage those users who have his unique id in their "manager" attribute.




    Assign this role to all supervisors.
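The scope rule in the last reply only matches when each user's "manager" value is exactly the supervisor's unique id, so it helps to audit the user store before assigning the role. The following is an added example, not part of the thread and not CA Identity Manager code: it models the rule in Python over constructed sample records, and the attribute names `uid` and `manager`, the sample values, and the exact string comparison are assumptions.

```python
# Constructed sample records standing in for an export of the IM user store.
# Attribute names ("uid", "manager") and all values are assumptions.
USERS = [
    {"uid": "dir01", "manager": ""},          # top of the hierarchy
    {"uid": "sup01", "manager": "dir01"},
    {"uid": "emp01", "manager": "sup01"},
    {"uid": "emp02", "manager": "sup01"},
    {"uid": "emp03", "manager": "uid=sup01,ou=People,dc=example,dc=com"},  # full DN
    {"uid": "emp04", "manager": "sup99"},     # id that does not exist in the store
]


def looks_like_dn(value):
    """A DN contains attr=value components; a bare unique id does not."""
    return "=" in value


def audit_manager_values(users):
    """Return {uid: problem} for manager values the scope rule can never match."""
    known = {u["uid"] for u in users}
    problems = {}
    for u in users:
        mgr = u.get("manager", "").strip()
        if not mgr:
            problems[u["uid"]] = "empty"        # nobody will have this user in scope
        elif looks_like_dn(mgr):
            problems[u["uid"]] = "dn"           # full DN stored instead of unique id
        elif mgr not in known:
            problems[u["uid"]] = "unknown-id"   # points at a non-existent manager
    return problems


def in_scope(admin_uid, users):
    """Users a role member could manage under 'manager equals admin's unique id'."""
    return sorted(u["uid"] for u in users
                  if u.get("manager", "").strip() == admin_uid)


if __name__ == "__main__":
    print("problems:", audit_manager_values(USERS))
    # emp03 reports to sup01 but is silently out of scope because a DN was stored.
    print("sup01 scope:", in_scope("sup01", USERS))
```

A record flagged `dn` or `unknown-id` does not produce an error in this model; the user simply never appears in any supervisor's scope, which is why the audit is worth running first.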