Symantec IGA

  • 1.  Supervisor Login

    Posted Jun 28, 2016 07:54 AM

    Hi All,

     

    We have a requirement according to which, when a User login's into CA IDM, he/she should be able to view/modify details of it's Direct reporties.

     

    Thanks,

    Vasu



  • 2.  Re: Supervisor Login

    Posted Jun 28, 2016 08:51 AM

    Hi Vasu,

     

    This specific use case should be managed using "Delegated Administration".

    Delegated Administration - CA Identity Manager - 12.6.8 - CA Technologies Documentation

     

    Regards, Roberto



  • 3.  Re: Supervisor Login
    Best Answer

    Broadcom Employee
    Posted Jun 28, 2016 11:33 AM

    The requirement isn't too clear but to me it doesn't sound like delegated administration. It sounds more like you need business managers to be members of administrative role that will allow them the scope to view and modify the employees or users in their business scope.  If that is the case then you will need to work out an administration model and assign the proper admin roles to these managers and scope them correctly as need be.

     

    Sagi



  • 4.  Re: Supervisor Login

    Broadcom Employee
    Posted Jun 30, 2016 04:40 AM

    Hi Vasu

     

    The "manager" attribute for each direct report should be populated with the unique id of the manager in the IM user store. Make sure that you only store the unique id, and not the full DN of the manager.

    Then set up an admin role for "Supervisor" (or whatever you want to call it) and give it the tasks to modify users. Scope the role membership as per screenshot (in this example, the unique id is called "PRID" - by default it is called "User ID") so that the member can only manage those users who have his unique id in their "manager" attribute.

     

    Manager.jpg

     

    Assign this role to all supervisors.

     

    Regards

     

    Pearse