15.3 Editing Resources

You can modify all the resource parameters except Level and Subcontainer. Identity applications allow you to edit each resource separately or multiple resources at once.

Editing individual resources: Select a resource from the list that you want to edit and perform any of the following operations:

Editing multiple resources at once: You can edit multiple resources as a group instead of requiring you to repeat those actions on each resource individually. Select the resources you want to manage from the list of resources. You can change Categories, Owners, and Approval Details for the resources you selected. Also, you can Append or Overwrite values for Categories and Owners for the selected resources. Append option allows you to add values without altering the existing entries. Overwrite option replaces the values that are entered for the existing values.

For more information, see Changing the Approval or Revocation Process.

Delete Resources: To delete any resource from the list, select the resource and click Delete.

What happens to existing resource assignments When you a delete a resource that already has one or more identities assigned to it, the system removes the resource from those identities. If the resource has been associated with a role, the system also removes all role associations that pertain to the deleted resource.

15.3.1 Setting Expiration Period for the Resource

To set the expiration period, enable Expiration required and set the number of Days/Months/Years when the access to the selected resource(s) should expire.

Expiration period sets the expiration date for a resource from the date of assignment.

Users can also request for resources in Access > Request page, for a specific period. For more information, see Requesting Permissions in NetIQ Identity Manager - User’s Guide to the Identity Applications.

For more information, click on the Dashboard.

15.3.2 Changing the Approval or Revocation Process

After you create a resource, you can modify the resource information and define the approval process for it. You can choose the role approval process to override the resource approval process.

You can define the approval process for a resource using one of the following options:

  • Serial Approval: Specify multiple approvers, and define the order by selecting an approver and moving that approver earlier or later in the order by clicking the arrows at the right of the approval list.

  • Quorum Approval: Specify the approvers, then use the slide bar to specify the percent of those approvers that are required to grant access.

  • Custom: Specify the customized approval process from the list that you want to use. The list displays the workflows that are defined using Designer.

    NOTE:You must set up this approval process in Identity Manager Designer. For more information, see NetIQ Identity Manager - Administrator’s Guide to Designing the Identity Applications.

If you choose None, no approvers are required for assigning the resources.

You can choose to have a revoke process or not. The revocation process can match the approval process. Also, you can define a different revocation process.

You can modify the expiration period for the selected resources. See, Setting Expiration Period for the Resource.

15.3.3 Assigning Resource to Users

You can directly assign the selected resource to any user in your organization.

  1. Select a resource that you want to assign to users.

  2. In Resource Assignments, click +.

  3. Specify the Initial Request Description, and mention the Recipients from the list.

    NOTE:In Initial Request Description, describe the purpose of assigning a resource to the mentioned users in Recipients list.

  4. Click Assign Resource.

For more information, click on the Dashboard.

15.3.4 Updating the Resource Request Form

A resource form is used to gather necessary data to properly assign a resource. Create and define the fields for the resource.

This is an example for resource form. The Region field is added for the Mobile resource. Following illustration displays the form at the time of the request.

Figure 15-1 Example Resource Request Form

You can assign a value to the field and select At request/assign time to allow users to specify the values at the time of request or resource assignment. If you want to assign values now, select Now.

In Data Value List, you can select one of the following data types to add a field into the request form:

Data Type

Description

Integer

This allows you to gather only numerical information about the selected resource.

For example,

If you require to gather information related to quantity or number of days, weeks, or hours, you can use this data type.

Boolean

This allows you to gather true/false sort of information.

For example,

If the selected resource is printer, you might need to confirm whether they require a color printer or not. In this case, you can use this data type to provide an option to requesters.

List

This allows you to select values from the list.

If you want users to select the defined values, you can provision the options using this data type.

For example,

If you want to know the time zone of the requester, you can provision this field by listing all the timezones for this field.

For more information about creating such lists, see Creating a List to Improve Resource Request Forms.

String

This allows you to gather more information on a resource request.

For example,

If you want to know the reason for this request or assignment, you can use this data type for a field to gather this information.

NOTE:When you select Now option in Assign Value, these fields appear on the request form at the time of request or assignment by default. If you want to hide these fields, select Hide.

For more information, click on the Dashboard.