Identify needed skills and roles

Enterprise Identity Mapping (EIM) is designed so that a single person can easily be responsible for configuration and administration in a small organization. Or, in a larger organization, you may prefer to have a number of different individuals handle these responsibilities. The number of people that you need on your team varies depending on the number of required skills that each team member possesses, the types of platforms involved in your EIM implementation, and how your organization prefers to divide its security roles and responsibilities.

A successful EIM implementation requires the configuration and interaction of several software products. Because each of these products requires specific skills and roles, you may choose to create an EIM implementation team that consists of people from several different disciplines, particularly if you work in a large organization.

The following information describes the skills and EIM access control authority required to implement EIM successfully. These skills are presented in terms of job titles for people who specialize in those skills. For example, a task requiring Lightweight Directory Access Protocol (LDAP) skills is referred to as a task for a Directory Server administrator.

Team members and their roles

The following information describes the responsibilities and required authority of the roles that are needed for managing EIM. You can use this list of roles to determine the team members that are needed to install and configure prerequisite products and to configure EIM and one or more EIM domains.

One of the first sets of roles that you need to define is the number and type of administrators for your EIM domain. All personnel that are given EIM administrative duties and authority need to be involved in the EIM planning process as members of the EIM implementation team.

Note: EIM administrators play an important role in your organization and have as much power as individuals that are allowed to create user identities on your systems. When they create EIM associations for user identities, they determine who can access your computer systems and what privileges they have when doing so. IBM® recommends that you give this authority to those individuals in whom you have a high level of trust based on your company's security policy.

The following table lists potential team member roles and the tasks and skills needed for configuring and managing EIM. For more detailed information about the EIM administrative tasks that each role can perform, see EIM access control.

Note: If a single person in your organization will be responsible for all EIM configuration and administration tasks, that person should be given the role and authority of EIM administrator.
Table 1. Roles, tasks, and skills for configuring EIM
Role Authorized tasks Required skills
EIM administrator
  • Coordinating domain operations
  • Adding, removing, and changing registry definitions, EIM identifiers, and associations for user identities
  • Controller authority to the data within an EIM domain
 Knowledge of the EIM administration tools
EIM identifiers administrator
  • Creating and changing EIM identifiers
  • Adding and removing administrative and source associations (cannot add or remove target associations)
 Knowledge of the EIM administration tools
EIM registries administrator Managing all EIM registry definitions:
  • Adding and removing target associations (cannot add or remove source and administrative associations)
  • Updating EIM registry definitions
 Knowledge of:
  • All the user registries defined to the EIM domain (such as information about user identities)
  • The EIM administration tools
EIM registry X administrator Managing a specific EIM registry definition:
  • Adding and removing target associations for a specific user registry (for example, registry X)
  • Updating a specific EIM registry definition
 Knowledge of:
  • The particular user registry defined to the EIM domain (such as information about user identities)
  • The EIM administration tools
Directory server (LDAP) administrator
  • Installing and configuring a directory server (if necessary)
  • Customizing directory server configuration for EIM
  • Creating an EIM domain (see note)
  • Defining users that are authorized to access the EIM domain controller
  • Optional: Defining the first EIM administrator
    Note: The directory server administrator can do can do everything that an EIM administrator can do.
 Knowledge of:
  • Directory server installation, configuration, and customization
  • EIM administration tools
User registry administrator
  • Setting up user profiles or user identities for a specific user registry
  • Optional: Serving as an EIM registry administrator for specified user registry
 Knowledge of:
  • Tools for administering the user registry
  • EIM administration tools
System programmer or System administrator Installing needed software products (may include installing EIM) Knowledge of:
  • System programming or administration skills
  • Installation procedures for the platform
Application programmer

Writing applications that use EIM APIs

 Knowledge of:
  • Platform
  • Programming skills
  • Compiling programs

After you identify which roles you want to use for configuring and managing EIM in your enterprise, you can plan an EIM domain.

Parent topic: Plan Enterprise Identity Mapping for eServer