Initiates a request to Roles Based Provisioning Module (RBPM) for creating a resource specified in the Resource Name field. If the distinguished name of the entitlement is specified in the request, Identity Manager creates a resource with an entitlement. Otherwise, the resource is created without an entitlement. To request for a static resource, specify the value of the entitlement. Specifying an entitlement value is not needed for creating a dynamic resource. When the action is successfully performed, Identity Manager generates a success message in the success.do-create-resource local variable. If a policy containing this action encounters an error, an error message is generated in the error.do-create-resource local variable. For more information about local variables, see Local Variable Selector. This action is available only with the Identity Manager server version 4.6 and later.
Specify the name of the resource to create. Supports variable expansion. For more information, see Variable Selector.
Specify the URL of the User Application server hosting the Roles Based Provisioning module. Supports variable expansion. For more information, see Variable Selector.
Specify the name of the user authorized to request the resource assignment in LDAP format. Supports variable expansion. For more information, see Variable Selector.
Specify the number of milliseconds you want Identity Manager to try to establish a connection to the User Application server before timing out. The default value is 0.
NOTE:This option is introduced in Identity Manager 4.8.2. If you are on a prior version of Identity Manager, you can use the REST APIs by directly editing the XML file for the do-create-resource action. For more information, see the NetIQ Identity Manager Designer Administration Guide.
Specify whether you want to use REST API. To use REST API, set the value to true. The default value is false.
Specify the authorized user password. You can enter a clear text password (not recommended) or use the Argument Builder to specify a Named Password.
(Optional) Specify additional argument strings for the Resource creation request. You can enter the strings manually or select the Edit the Strings icon to open the Named String Builder and specify the strings. For more information about the Named String Builder, see Named String Builder.
The Create Resource action supports the following string arguments:
String Name |
Description |
---|---|
Description |
A description of the reason for the request used for auditing and approval purposes if necessary. Default: Request generated by policy. |
Display Name |
Display name of the resource to be created. Default: Resource name. |
Entitlement DN |
DN of the entitlement in LDAP format. |
Static |
The type of resource to be created. You must specify the entitlement value while creating a static resource. |
Entitlement Value |
The value of the entitlement in JSON format. This is only needed if you are creating a static resource. For example, { "ID": "f1e84f2a7964614eaa45407c724e3a98", "ID2": "CN=Domain Users,CN=Users,DC=yourcompany,DC=msft" } |
Category Key |
The category in which the resource should be created. For example, system, default, or both. |
Owner |
The owner of the resource in LDAP format. Multiple owners are allowed for a resource. Specify multiple owners in a semi colon(;) separated list. |
Grant Approver |
The approver of the resource assignment in LDAP format. Multiple approvers are allowed. Specify multiple approvers in a semi colon(;) separated list to form a serial approval process. |
Grant Quorum |
Minimum percentage of approvals required for creating a resource. |
Revoke Approver |
Approver who has the rights for revoking a resource in LDAP format. Leave this field blank if this is the same approver who granted the resource. Multiple approvers are allowed to revoke a resource. Specify multiple approvers in a semi colon(;) separated list, which forms a serial approval process. |
Revoke Quorum |
Minimum percentage of approval required for revoking a resource. |
Allow Override |
Specifies whether the role approval overrides the resource approval. Default: false |
Multi-valued |
Specifies whether the resource has multiple entitlement values. Default: false |
PRD DN |
DN of Provisioning Request Definition in LDAP format. |
SubContainer |
Indicates the LDAP DN of the container in which the resource will be created. This applies only when the REST API is used. |