5.4 Creating a New Team

To create a new team:

  1. Click the Create Team button at the top of the Team page.

    The New Team dialog displays.

  2. Provide a name and description for the team.

    To specify a localized name and description for the team, click the arrow near the Name and Description field labels in the form.

    NOTE: The Team page allows you to create multiple teams with the same name. However, Identity Manager recommends that you define teams with unique names.

  3. In the Requesters field, select the users and groups that will be the requesters for the team.

  4. To include the selected requesters as recipients of the permissions that will be requested, select the Include the selected requesters in the recipients list check box.

  5. In the Recipients field, choose the objects for which you are making a request.

    The following objects are supported in the team configuration:

  6. Click Apply to preserve your team configuration settings.

    After the team is saved, the Permissions section is added to the page, and the Team Permissions Configuration interface is displayed.

    The Team Permissions Configuration interface includes buttons for adding new permissions, deleting permissions and refreshing the display. The Permissions section of the page does not include an Edit button because the details associated with each permission are shown in the Permissions list. If a particular team permission is not properly defined, you can simply delete the permission and add a new one in its place.

  7. To define the permissions for the team, click Add Permission.

    This interface shows controls that apply to the domain selected for the team. These controls allow you to specify which objects are within the scope of the team and which permissions team recipients have with respect to these objects.

  8. Follow these steps to define permissions for a team that uses the Provisioning domain:

    1. To include all provisioning request definitions, click the All Provisioning Request Definitions radio button.

    2. To select provisioning request definitions individually, choose the Select Provisioning Request Definitions radio button and search for the provisioning request definitions.

    3. After defining the scope for the team, choose the permissions you want to allow for each object by selecting the object and picking the desired permissions in the Permissions control.

      The provisioning permissions are the same for team configurations as for User Application administrator assignments.

      | Permission | Description |
      |---|---|
      | Initiate PRD | Allows the user to initiate the selected provisioning requests. NOTE: The Initiate PRD permission has no effect on the behavior of the Novell-installed PRDs for resources, roles, and attestation within the User Application, since these PRDs cannot be initiated directly from the User Application. However, this permission does control whether these PRDs can be initiated from a SOAP call. |
      | Retract PRD | Allows the user to retract the selected provisioning requests when they are in progress. |
      | View Running PRD | Allows the user to view the selected provisioning requests when they are in progress. |

      For more information on the provisioning permissions, see Administrator Assignments in the NetIQ Identity Manager User Application: Administration Guide.

    4. Click Add to save the permissions for the selected objects or containers.

      To delete a permission, select the permission and click Remove Permission.

      To refresh the list of permissions for the team, click Refresh.

  9. Follow these steps to define permissions for a team that uses the Role domain:

    1. To include all roles in all levels in the roles hierarchy, choose All Role Levels in the Role Sub Containers radio button.

      To include all roles at a particular level in the role hierarchy, expand All Role Levels and choose one of the following levels:

      • IT Role

      • Business Role

      • Permission Role

      To include all roles in a particular sub container under the selected role level, expand the selected role level and select the sub container.

    2. To select roles individually, choose the Select Roles radio button and search for the roles.

    3. After defining the role scope for the team, choose the permissions you want to allow for each object by selecting the object and picking the desired permissions from the Permissions control.

      The following role permissions are supported in team configurations:

      • View Role

      • Assign Role

      • Revoke Role

      • Assign Role to Group and Container

      • Revoke Role from Group and Container

      These role permissions have the same behavior as for User Application administrator assignments.

      | Permission | Description |
      |---|---|
      | View Role | Allows the user to view the selected roles. This setting applies only at the container level. |
      | Assign Role To User | Allows the user to assign users to the selected roles. IMPORTANT: Only the Security Administrator can assign system roles on the Work Dashboard tab and the Roles and Resources tab. |
      | Revoke Role From User | Allows the user to revoke user assignments for the selected roles. |
      | Assign Role To Group And Container | Allows the user to assign groups and containers to the selected roles. |
      | Revoke Role From Group And Container | Allows the user to revoke group and container assignments for the selected roles. |

      For more information, see Administrator Assignments in the NetIQ Identity Manager User Application: Administration Guide.

    4. Click Add to save the permissions for the selected objects or containers.

      To delete a permission, select the permission and click Remove Permission.

      To refresh the list of permissions for the team, click Refresh.

  10. Follow these steps to define permissions for a team that uses the Resource domain:

    1. To include all resources, click the All Resources radio button.

    2. To select resources individually, choose the Select Resources radio button and search for the resources.

    3. After defining the resource scope for the team, choose the permissions you want to allow for each object by selecting the object and picking the desired permissions from the Permissions control.

      The following resource permissions are supported in team configurations:

      • View Resource

      • Assign Resource

      • Revoke Resource

      These resource permissions have the same behavior as for User Application administrator assignments.

      | Permission | Description |
      |---|---|
      | View Resource | Allows the user to view the selected resources. |
      | Assign Resource | Allows the user to assign users to the selected resources. |
      | Revoke Resource | Allows the user to revoke user assignments for the selected resources. |

      For more information on resource permissions, see Administrator Assignments in the NetIQ Identity Manager User Application: Administration Guide.

    4. Click Add to save the permissions for the team.

      To delete a permission, select the permission and click Remove Permission.

      To refresh the list of permissions for the team, click Refresh.