NetIQ Identity Manager Catalog Administrator4.0.2 provides new features and user interfaces for the Identity Manager product.
Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Identity Manager forum on NetIQ Forums, our online community that also includes product information, blogs, and links to helpful resources.
The documentation for this product is available on the NetIQ Web site in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click Add Comment at the bottom of any page in the HTML version of the documentation posted at the Identity Manager Documentation page. To download this product, see the NetIQ Downloads Web site.
NetIQ Identity Manager Catalog Administrator is a Web-based tool that allows business and security analysts manage roles and resources in Identity Manager. Though catalog is not a unique database or a set of files, it encompasses all information about roles, resources, and relationship between them. Catalog Administrator allows you to view and manage permission assignments across various connected systems in organizations managed by Identity Manager. Catalog Administrator also allows you to design roles and map them with resources across connected systems.
You can use Catalog Administrator to:
Associate resources to roles within your organization
Create new roles and assign other roles to them
Create separation of duties (SoD) constraints to manage potential conflicts between roles
Create new resources, either from an entitlement or without an entitlement
Modify existing roles and resources
You must install to an existing Identity Manager Home and Provisioning Dashboard environment, so the operating system and other system requirements are described in the Identity Manager Home and Provisioning Dashboard documentation at https://www.netiq.com/documentation/idm402/idmhome-releasenotes/data/idmhome-releasenotes.html#b149h4pv.
Complete the following steps to install Catalog Administrator:
Stop JBoss.
At a command prompt, navigate to the IDMProv/tmp directory and enter the following command:
rm -rf *
At a command prompt, navigate to the IDMProv/work/jboss.web directory and enter the following command:
rm -rf *
Copy rra.war and IDMProv.war to the deploy folder. For example, /opt/novell/idm/rbpm/jboss/server/IDMProv/deploy.
At a command prompt, navigate to the permindex directory, for example, /tmp/permindex, and enter the following command:
rm -rf *
Run configupdate.sh.
Ensure the information in the Catalog Administration section at the bottom of the SSO Clients tab is correct.
(Conditional) Change all instances of localhost to specify the actual server DNS name or IP address. You should only use localhost if all access to Identity Manager Home and Provisioning Dashboard will be local, including access through a browser. The address must be resolvable from all clients.
(Conditional) If you configured specific ports in your environment for use with Catalog Administrator, modify the port numbers as necessary.
(Conditional) If you use a database other than PostgreSQL, follow the instructions in the Configuring Non-PostgreSQL User Application Databases section of the Identity Manager Home and Provisioning Dashboard User Guide.
(Conditional) If you specified a context other than the default IDMProv context when you installed the Roles Based Provisioning Module, repeat the steps in the Installing Identity Manager Home and Provisioning Dashboard Using a Non-Default Context section of the Identity Manager Home and Provisioning User Guide.
Start JBoss.
Click
.Create Catalog Admin Roles and Catalog Admin Resources links on the Identity Manager Home and Provisioning page by running the CatalogAdminTile/createCatalogAdminTiles.sh script in the CatalogAdminTiles.zip package.
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
After you create a role or a resource, Catalog Administrator does not maintain the user interface focus on that role or resource. Maintaining focus on the new role or resource allows you to more easily manage that role or resource. Instead, Catalog Administrator changes the focus to the first role or resource in the list.
To manage a role or resource, scroll down or search the catalog.
Accounts that do not have full permission for role and resource administration cannot access Catalog Administrator. The user cannot be a delegated administrator or have permission for only one domain.
If you change the revoke approval process from quorum to serial approval, the approval process does not change as expected.
To work around the issue, change the approval process from quorum to none, and then change it to serial. Be aware that when you change the process from quorum to none, all associated approvers are lost, so ensure that you take note of the approvers and associate them to the process after you change it from none to serial.
When you create a resource in the Roles Based Provisioning Module and view its details in Catalog Administrator, the details page shows only one entitlement value, even if there are multiple values associated with the resource. The entitlement values are still associated with the resource, even if you modify the resource in Catalog Administrator.
Catalog Administrator does not support creating a role or a resource without entitlements that have spaces at the beginning or end of the name. If you create a role or resource with leading or trailing spaces and try to edit them, Catalog Administrator may create duplicate entries for them. Catalog Administrator does not allow you delete them from the list. Instead you must delete them directly from eDirectory and restart JBoss to eliminate them from the list.
You may also see errors if you try to associate roles that have spaces at the beginning or end of the name with other roles.
For resources that require fields to be supplied with values when the resource is requested, Catalog Manager does not display the fields when you map the resource to a role.
You cannot select values for the dynamic resources because the page fails to load completely.
The following issues have been observed on Safari browser on iOS6. No such issues are reported on other browsers, such as Chrome and Safari on iOS7.
The New Resource button doesn’t work if the private mode setting is disabled.
Enable the private mode setting on the browser before attempting to create a new resource.
The SoD editor doesn't load the SoD form.
The Map Resources button does not work as expected.
The following operations are not supported with this release of Catalog Administrator. Instead, you should consider the Roles and Resource tab in the User Application for performing them.
Assigning and revoking roles or resources.
Viewing the history of assignments of roles and resources.
Create, manage, or view resource request parameters.
Assigning a parent role to a level 20 or level 10 role.
Customizing text in the user interface.
Changing languages for names and descriptions. The names and descriptions of roles, resources, and separation of duties definitions can only be created and viewed in the character set of the default language of the User Application.
Managing Separation of Duties individually or as a group. To view a Separation of Duties definition, you must select one of the roles that uses the definition, then expand the Separation of Duties definition.
Adding additional languages.
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information Web site.
For general corporate and product information, see the NetIQ Corporate Web site.
For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.
THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.
For purposes of clarity, any module, adapter or other similar material (“Module”) is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions.
This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.
U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.
For information about NetIQ trademarks, see http://www.netiq.com/company/legal/.