1.2 Terminology

The following terms are used throughout the Role Mapping Administrator interface and documentation:

authorization: A role, composite role, or profile.

Identity Vault: The LDAP directory used by the Role Mapping Administrator for user authentication, data retrieval, and data storage.

role (or Identity Vault role): An enterprise role that has been defined in the Role Based Provisioning Module for automating the provisioning of entitlements to users. For the Role Mapping Administrator, the authorizations being mapped to the role are added to the entitlements that are provisioned by the role.

resource: An enterprise resource provides the ability for end users to request provisioning of entitlements/authorizations for themselves or for users that they have a relationship with. Resources provide the ability for administrators to gain better control over the management of user access to entitlements/authorizations, ensuring that the right people have the right access to the right resources.

Role Mapping Administrator: The Web application used to map authorizations to Identity Vault roles, and to create, edit, and delete Identity Vault roles.

Role Mapping Administrator Database: The database used to store the authorizations that the Role Mapping Administrator retrieves from the available managed systems.