ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzalv_5.4.0.1/rzalvcrtdomainpolicy.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Create a default domain policy association" />
<meta name="DC.Relation" scheme="URI" content="rzalvcrtpolassoc.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2002, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2002, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzalvcrtdomainpolicy" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Create a default domain policy association</title>
</head>
<body id="rzalvcrtdomainpolicy"><a name="rzalvcrtdomainpolicy"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Create a default domain policy association</h1>
<div><div class="section"><p>To create a <a href="rzalv_domain_policy.htm#rzalv_domain_policy">default
domain policy association</a>,  you must be connected to the Enterprise
Identity Mapping (EIM) domain in which you want to work and you
must have <a href="rzalveservereimauths.htm#rzalveservereimauths">EIM access control</a> at
one of these levels: </p>
<ul><li>EIM administrator</li>
<li>Registry administrator</li>
</ul>
<div class="note"><span class="notetitle">Note:</span> A policy association  describes a relationship between multiple
user identities and a single user identity in a target user registry. You
can use a policy association to describe a relationship between a source set
of multiple user identities and a single target user identity in a specified
target user registry. Policy associations use EIM mapping policy support to
create many-to-one mappings between user identities without involving an EIM
identifier. <p>Because you can use policy associations in a variety of overlapping
ways, you need to have a thorough understanding of EIM <a href="rzalv_map_pol_support.htm#rzalv_map_pol_support">mapping
policy support</a> before you create and use policy associations.  Also,
to prevent potential problems with associations and how they map identities,
you need to <a href="rzalv_id_map_plan.htm#id_map_plan">develop
an overall identity mapping plan</a> for your enterprise before you begin
defining associations. </p>
</div>
<p>In a default domain policy association,
all users in the domain are the source of the policy association and are mapped
to a single target registry and target user. You can define a default domain
policy association for each registry in the domain.  If two or more domain
policy associations refer to the same target registry, you can define  unique
lookup information for each of these policy associations to ensure that mapping
 lookup operations can distinguish between them. Otherwise, mapping lookup
operations may return  multiple target user identities. As a result of these
ambiguous results, applications that rely on EIM may not be able to determine
the exact target identity to use.  </p>
<p>To create a default domain policy
association, complete these steps:</p>
</div>
<ol><li class="stepexpand"><span>Expand <span class="uicontrol">Network &gt; Enterprise Identity Mapping &gt; Domain
Management</span>.</span></li>
<li class="stepexpand"><span>Right-click the EIM domain in which you want to work and select <span class="uicontrol">Mapping
Policy...</span></span> <ul><li>If the EIM domain you want to work with is not listed under <span class="uicontrol">Domain
Management</span>, see <a href="rzalvadmindomainadd.htm#rzalvadmindomainadd">Add an EIM domain to the Domain Management folder</a>.</li>
<li>If you are not currently connected to the EIM domain in which you want
to work, see <a href="rzalvadmindomaincon.htm#rzalvadmindomaincon"> Connect
to the EIM domain controller</a>. </li>
</ul>
</li>
<li class="stepexpand"><span>Select <span class="uicontrol">Enable mapping lookups using policy associations
for domain</span> on the <kbd class="userinput">General</kbd> page.</span></li>
<li class="stepexpand"><span>Select the <span class="uicontrol">Domain</span> page and click <span class="uicontrol">Add...</span>.</span></li>
<li class="stepexpand"><span>In the <span class="uicontrol">Add Default Domain Policy Association</span> dialog,
specify the following  required information: </span> <ul><li>The registry definition name of the <span class="uicontrol">Target registry</span> for
the policy  association.</li>
<li>The user identity name of the <span class="uicontrol">Target user</span> for the
policy association.  </li>
</ul>
</li>
<li class="stepexpand"><span>Click <span class="uicontrol">Help</span>, if necessary, for more details
about how to complete this and subsequent dialogs.</span></li>
<li class="stepexpand"><span>Optional. Click <span class="uicontrol">Advanced...</span> to display the <span class="uicontrol">Add
Association - Advanced</span> dialog. Specify <span class="uicontrol">Lookup information</span> for
the policy  association and click <span class="uicontrol">OK</span> to return to the <span class="uicontrol">Add
Default Domain Policy Association</span> dialog.</span> <div class="note"><span class="notetitle">Note:</span> If
two or more default domain policy associations refer to the same  target registry,
you must define unique <a href="rzalvlookupinfodef.htm#lookup_info_def">lookup
information</a> for each of the target user identities in these policy
associations. By defining lookup information  for each target user identity
in this situation, you ensure that mapping lookup operations can distinguish
between them. Otherwise, mapping lookup operations may return multiple target
user identities. As a result of these ambiguous results, applications that
rely on EIM may not be able to determine the exact target identity to use.</div>
</li>
<li class="stepexpand"><span>Click <span class="uicontrol">OK</span> to create the new policy association
and return to the <span class="uicontrol">Domain</span> page. The new policy association
now displays in the <span class="uicontrol">Default policy associations</span> table.</span></li>
<li class="stepexpand"><span>Verify that the new policy association is enabled for the target
registry.</span></li>
<li class="stepexpand"><span>Click <span class="uicontrol">OK</span> to save your changes and exit the <span class="uicontrol">Mapping
Policy</span> dialog.</span></li>
</ol>
<div class="section"><div class="note"><span class="notetitle">Note:</span> <a href="rzalvenablepoliciesforregistry.htm#enable_policies_for_registry">Verify
that mapping policy support and the use of policy associations for target
user registry are properly enabled</a>. If it is not enabled, the policy
association can not take effect.</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzalvcrtpolassoc.htm">Create a policy association</a></div>
</div>
</div>
</body>
</html>