NetIQ Identity Manager Catalog Administrator4.0.2 Release Notes

March 2014

NetIQ Identity Manager Catalog Administrator4.0.2 provides new features and user interfaces for the Identity Manager product.

Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Identity Manager forum on NetIQ Forums, our online community that also includes product information, blogs, and links to helpful resources.

The documentation for this product is available on the NetIQ Web site in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click Add Comment at the bottom of any page in the HTML version of the documentation posted at the Identity Manager Documentation page. To download this product, see the NetIQ Downloads Web site.

1.0 What’s New?

NetIQ Identity Manager Catalog Administrator is a Web-based tool that allows business and security analysts manage roles and resources in Identity Manager. Though catalog is not a unique database or a set of files, it encompasses all information about roles, resources, and relationship between them. Catalog Administrator allows you to view and manage permission assignments across various connected systems in organizations managed by Identity Manager. Catalog Administrator also allows you to design roles and map them with resources across connected systems.

You can use Catalog Administrator to:

  • Associate resources to roles within your organization

  • Create new roles and assign other roles to them

  • Create separation of duties (SoD) constraints to manage potential conflicts between roles

  • Create new resources, either from an entitlement or without an entitlement

  • Modify existing roles and resources

[Return to Top]

2.0 System Requirements

You must install to an existing Identity Manager Home and Provisioning Dashboard environment, so the operating system and other system requirements are described in the Identity Manager Home and Provisioning Dashboard documentation at https://www.netiq.com/documentation/idm402/idmhome-releasenotes/data/idmhome-releasenotes.html#b149h4pv.

[Return to Top]

3.0 Installing NetIQ Identity Manager Catalog Administrator

Complete the following steps to install Catalog Administrator:

  1. Stop JBoss.

  2. At a command prompt, navigate to the IDMProv/tmp directory and enter the following command:

    rm -rf *

  3. At a command prompt, navigate to the IDMProv/work/jboss.web directory and enter the following command:

    rm -rf *

  4. Copy rra.war and IDMProv.war to the deploy folder. For example, /opt/novell/idm/rbpm/jboss/server/IDMProv/deploy.

  5. At a command prompt, navigate to the permindex directory, for example, /tmp/permindex, and enter the following command:

    rm -rf *

  6. Run configupdate.sh.

  7. Ensure the information in the Catalog Administration section at the bottom of the SSO Clients tab is correct.

  8. (Conditional) Change all instances of localhost to specify the actual server DNS name or IP address. You should only use localhost if all access to Identity Manager Home and Provisioning Dashboard will be local, including access through a browser. The address must be resolvable from all clients.

  9. (Conditional) If you configured specific ports in your environment for use with Catalog Administrator, modify the port numbers as necessary.

  10. (Conditional) If you use a database other than PostgreSQL, follow the instructions in the Configuring Non-PostgreSQL User Application Databases section of the Identity Manager Home and Provisioning Dashboard User Guide.

  11. (Conditional) If you specified a context other than the default IDMProv context when you installed the Roles Based Provisioning Module, repeat the steps in the Installing Identity Manager Home and Provisioning Dashboard Using a Non-Default Context section of the Identity Manager Home and Provisioning User Guide.

  12. Start JBoss.

  13. Click OK.

  14. Create Catalog Admin Roles and Catalog Admin Resources links on the Identity Manager Home and Provisioning page by running the CatalogAdminTile/createCatalogAdminTiles.sh script in the CatalogAdminTiles.zip package.

[Return to Top]

4.0 Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

4.1 Catalog Administrator Changes Focus After Creating a New Role or Resource

After you create a role or a resource, Catalog Administrator does not maintain the user interface focus on that role or resource. Maintaining focus on the new role or resource allows you to more easily manage that role or resource. Instead, Catalog Administrator changes the focus to the first role or resource in the list.

To manage a role or resource, scroll down or search the catalog.

4.2 Access Requires Full Permissions for Role and Resource Administration

Accounts that do not have full permission for role and resource administration cannot access Catalog Administrator. The user cannot be a delegated administrator or have permission for only one domain.

4.3 Cannot Change Revoke Process from Quorum to Serial

If you change the revoke approval process from quorum to serial approval, the approval process does not change as expected.

To work around the issue, change the approval process from quorum to none, and then change it to serial. Be aware that when you change the process from quorum to none, all associated approvers are lost, so ensure that you take note of the approvers and associate them to the process after you change it from none to serial.

4.4 Details Page Displays Only One Entitlement Value

When you create a resource in the Roles Based Provisioning Module and view its details in Catalog Administrator, the details page shows only one entitlement value, even if there are multiple values associated with the resource. The entitlement values are still associated with the resource, even if you modify the resource in Catalog Administrator.

4.5 Roles and Resource Names with Leading or Trailing Spaces are Not Supported

Catalog Administrator does not support creating a role or a resource without entitlements that have spaces at the beginning or end of the name. If you create a role or resource with leading or trailing spaces and try to edit them, Catalog Administrator may create duplicate entries for them. Catalog Administrator does not allow you delete them from the list. Instead you must delete them directly from eDirectory and restart JBoss to eliminate them from the list.

You may also see errors if you try to associate roles that have spaces at the beginning or end of the name with other roles.

4.6 Dynamic Fields Are Not Displayed When a Resource is Mapped To a Role

For resources that require fields to be supplied with values when the resource is requested, Catalog Manager does not display the fields when you map the resource to a role.

[Return to Top]

4.7 Mapping a Dynamic Resource to a Role is Not Supported on iOS7

You cannot select values for the dynamic resources because the page fails to load completely.

4.8 Issues on iPad iOS6 Safari Browser

The following issues have been observed on Safari browser on iOS6. No such issues are reported on other browsers, such as Chrome and Safari on iOS7.

The New Resource Button Does Not Work When Private Mode Setting Is Disabled

The New Resource button doesn’t work if the private mode setting is disabled.

Enable the private mode setting on the browser before attempting to create a new resource.

The SoD Editor Fails to Load the SoD Form in the Right Panel

The SoD editor doesn't load the SoD form.

The Map Resources Button does not work

The Map Resources button does not work as expected.

4.9 Features Not Supported in This Release

The following operations are not supported with this release of Catalog Administrator. Instead, you should consider the Roles and Resource tab in the User Application for performing them.

  • Assigning and revoking roles or resources.

  • Viewing the history of assignments of roles and resources.

  • Create, manage, or view resource request parameters.

  • Assigning a parent role to a level 20 or level 10 role.

  • Customizing text in the user interface.

  • Changing languages for names and descriptions. The names and descriptions of roles, resources, and separation of duties definitions can only be created and viewed in the character set of the default language of the User Application.

  • Managing Separation of Duties individually or as a group. To view a Separation of Duties definition, you must select one of the roles that uses the definition, then expand the Separation of Duties definition.

  • Adding additional languages.

5.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information Web site.

For general corporate and product information, see the NetIQ Corporate Web site.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.

[Return to Top]