ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzalv_5.4.0.1/rzalvadminusrauthorities.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Manage EIM user access control" />
<meta name="abstract" content="Use this information to learn how to manage access for users with LDAP." />
<meta name="description" content="Use this information to learn how to manage access for users with LDAP." />
<meta name="DC.Relation" scheme="URI" content="rzalvadmin.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2002, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2002, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzalvadminusrauthorities" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Manage EIM user access control</title>
</head>
<body id="rzalvadminusrauthorities"><a name="rzalvadminusrauthorities"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Manage EIM user access control</h1>
<div><p>Use this information to learn how to manage access for users with
LDAP.</p>
<div class="section"><p>An Enterprise Identity Mapping (EIM) user is a user who possesses <a href="rzalveservereimauths.htm#rzalveservereimauths">EIM access control</a> based on their
membership in predefined Lightweight Directory Access Protocol (LDAP) user
groups. Specifying EIM access control  for a user adds that user to a specific
LDAP user group. Each LDAP group has authority to perform various EIM administrative
tasks in a domain. Which and what type of administrative tasks, including
lookup operations, an EIM user can perform is determined by the access control
group to which the EIM user belongs. </p>
<p>Only users with either LDAP administrator
access control or EIM administrator access control can add other users to
an EIM access control group or change access control settings for other users.
Before a user can become a member of an EIM access control group, that user
must have an  entry in the directory server that acts as the EIM domain controller.
Also, only specific  types of users can be made a member of an EIM access
control group: Kerberos principals,  distinguished names, and i5/OS™ user profiles. </p>
<div class="note"><span class="notetitle">Note:</span> To
have the Kerberos principal user type available in EIM, <a href="../rzakh/rzakh000.htm">network authentication service</a> must
be configured on the system.  To have the i5/OS user profile type available in EIM,
you must configure a system object suffix on the directory server. This allows
the directory server to reference i5/OS system objects, such as i5/OS user profiles.</div>
<p>To
manage access control for an existing directory server user or to add an existing
directory user to an EIM access control group, complete these steps:</p>
</div>
<ol><li class="stepexpand"><span>Expand <span class="uicontrol">Network &gt; Enterprise Identity Mapping &gt; Domain
Management</span>.</span></li>
<li class="stepexpand"><span>Select the EIM domain in which you want to work.</span> <ul><li>If the EIM domain you want to work with is not listed under <span class="uicontrol">Domain
Management</span>, see <a href="rzalvadmindomainadd.htm#rzalvadmindomainadd">Add an EIM domain to the Domain Management folder</a>.</li>
<li>If you are not currently connected to the EIM domain in which you want
to work, see <a href="rzalvadmindomaincon.htm#rzalvadmindomaincon"> Connect
to the EIM domain controller</a>. </li>
</ul>
</li>
<li class="stepexpand"><span>Right-click the EIM domain to which you are connected and select <span class="uicontrol">Access
Control...</span></span></li>
<li class="stepexpand"><span>In the <span class="uicontrol">Edit EIM Access Control</span> dialog, select
the <span class="uicontrol">User type</span> to display the fields required to provide
identifying information for the user.</span></li>
<li class="stepexpand"><span>Enter the required user information to identify the user for whom
you want to manage EIM access control and click <span class="uicontrol">OK</span> to
display the <span class="uicontrol">Edit EIM Access Control</span> panel. Click <span class="uicontrol">Help</span>,
if necessary, to determine what information to specify for each field.</span></li>
<li class="stepexpand"><span>Select one or more <span class="uicontrol">Access Control</span> groups
for the user and click <span class="uicontrol">OK</span> to add the user to the selected
groups. Click <span class="uicontrol">Help</span> for  more detailed information about
what authority each group has and to learn about any special  requirements.</span></li>
<li class="stepexpand"><span>After you provide the required information, click <span class="uicontrol">OK</span> to
save your changes.</span></li>
</ol>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzalvadmin.htm" title="Use this information to learn how to manage your Enterprise Identity Mapping (EIM) domain and domain data, including how to manage EIM domains, identifiers, associations, registry definitions, EIM access control, and more.">Manage Enterprise Identity Mapping</a></div>
</div>
</div>
</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<!DOCTYPE html`
			`PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html lang="en-us" xml:lang="en-us">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<meta name="security" content="public" />`
			`<meta name="Robots" content="index,follow" />`
			`<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />`
			`<meta name="DC.Type" content="task" />`
			`<meta name="DC.Title" content="Manage EIM user access control" />`
			`<meta name="abstract" content="Use this information to learn how to manage access for users with LDAP." />`
			`<meta name="description" content="Use this information to learn how to manage access for users with LDAP." />`
			`<meta name="DC.Relation" scheme="URI" content="rzalvadmin.htm" />`
			`<meta name="copyright" content="(C) Copyright IBM Corporation 2002, 2006" />`
			`<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2002, 2006" />`
			`<meta name="DC.Format" content="XHTML" />`
			`<meta name="DC.Identifier" content="rzalvadminusrauthorities" />`
			`<meta name="DC.Language" content="en-us" />`
			`<!-- All rights reserved. Licensed Materials Property of IBM -->`
			`<!-- US Government Users Restricted Rights -->`
			`<!-- Use, duplication or disclosure restricted by -->`
			`<!-- GSA ADP Schedule Contract with IBM Corp. -->`
			`<link rel="stylesheet" type="text/css" href="./ibmdita.css" />`
			`<link rel="stylesheet" type="text/css" href="./ic.css" />`
			`<title>Manage EIM user access control</title>`
			`</head>`
			`<body id="rzalvadminusrauthorities"><a name="rzalvadminusrauthorities"><!-- --></a>`
			`<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>`
			`<h1 class="topictitle1">Manage EIM user access control</h1>`
			`<div><p>Use this information to learn how to manage access for users with`
			`LDAP.</p>`
			`<div class="section"><p>An Enterprise Identity Mapping (EIM) user is a user who possesses <a href="rzalveservereimauths.htm#rzalveservereimauths">EIM access control</a> based on their`
			`membership in predefined Lightweight Directory Access Protocol (LDAP) user`
			`groups. Specifying EIM access control for a user adds that user to a specific`
			`LDAP user group. Each LDAP group has authority to perform various EIM administrative`
			`tasks in a domain. Which and what type of administrative tasks, including`
			`lookup operations, an EIM user can perform is determined by the access control`
			`group to which the EIM user belongs. </p>`
			`<p>Only users with either LDAP administrator`
			`access control or EIM administrator access control can add other users to`
			`an EIM access control group or change access control settings for other users.`
			`Before a user can become a member of an EIM access control group, that user`
			`must have an entry in the directory server that acts as the EIM domain controller.`
			`Also, only specific types of users can be made a member of an EIM access`
			`control group: Kerberos principals, distinguished names, and i5/OS™ user profiles. </p>`
			`<div class="note"><span class="notetitle">Note:</span> To`
			`have the Kerberos principal user type available in EIM, <a href="../rzakh/rzakh000.htm">network authentication service</a> must`
			`be configured on the system. To have the i5/OS user profile type available in EIM,`
			`you must configure a system object suffix on the directory server. This allows`
			`the directory server to reference i5/OS system objects, such as i5/OS user profiles.</div>`
			`<p>To`
			`manage access control for an existing directory server user or to add an existing`
			`directory user to an EIM access control group, complete these steps:</p>`
			`</div>`
			`<ol><li class="stepexpand"><span>Expand <span class="uicontrol">Network > Enterprise Identity Mapping > Domain`
			`Management</span>.</span></li>`
			`<li class="stepexpand"><span>Select the EIM domain in which you want to work.</span> <ul><li>If the EIM domain you want to work with is not listed under <span class="uicontrol">Domain`
			`Management</span>, see <a href="rzalvadmindomainadd.htm#rzalvadmindomainadd">Add an EIM domain to the Domain Management folder</a>.</li>`
			`<li>If you are not currently connected to the EIM domain in which you want`
			`to work, see <a href="rzalvadmindomaincon.htm#rzalvadmindomaincon"> Connect`
			`to the EIM domain controller</a>. </li>`
			`</ul>`
			`</li>`
			`<li class="stepexpand"><span>Right-click the EIM domain to which you are connected and select <span class="uicontrol">Access`
			`Control...</span></span></li>`
			`<li class="stepexpand"><span>In the <span class="uicontrol">Edit EIM Access Control</span> dialog, select`
			`the <span class="uicontrol">User type</span> to display the fields required to provide`
			`identifying information for the user.</span></li>`
			`<li class="stepexpand"><span>Enter the required user information to identify the user for whom`
			`you want to manage EIM access control and click <span class="uicontrol">OK</span> to`
			`display the <span class="uicontrol">Edit EIM Access Control</span> panel. Click <span class="uicontrol">Help</span>,`
			`if necessary, to determine what information to specify for each field.</span></li>`
			`<li class="stepexpand"><span>Select one or more <span class="uicontrol">Access Control</span> groups`
			`for the user and click <span class="uicontrol">OK</span> to add the user to the selected`
			`groups. Click <span class="uicontrol">Help</span> for more detailed information about`
			`what authority each group has and to learn about any special requirements.</span></li>`
			`<li class="stepexpand"><span>After you provide the required information, click <span class="uicontrol">OK</span> to`
			`save your changes.</span></li>`
			`</ol>`
			`</div>`
			`<div>`
			`<div class="familylinks">`
			`<div class="parentlink"><strong>Parent topic:</strong> <a href="rzalvadmin.htm" title="Use this information to learn how to manage your Enterprise Identity Mapping (EIM) domain and domain data, including how to manage EIM domains, identifiers, associations, registry definitions, EIM access control, and more.">Manage Enterprise Identity Mapping</a></div>`
			`</div>`
			`</div>`
			`</body>`
			`</html>`