176 lines
9.9 KiB
HTML
176 lines
9.9 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html lang="en-us" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow" />
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<meta name="DC.Type" content="concept" />
|
|
<meta name="DC.Title" content="Identify needed skills and roles" />
|
|
<meta name="DC.Relation" scheme="URI" content="rzalv_plan_eim_for_eserver.htm" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2002, 2006" />
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2002, 2006" />
|
|
<meta name="DC.Format" content="XHTML" />
|
|
<meta name="DC.Identifier" content="rzalv_plan_roles" />
|
|
<meta name="DC.Language" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|
<title>Identify needed skills and roles</title>
|
|
</head>
|
|
<body id="rzalv_plan_roles"><a name="rzalv_plan_roles"><!-- --></a>
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|
<h1 class="topictitle1">Identify needed skills and roles</h1>
|
|
<div><p>Enterprise Identity Mapping (EIM) is designed so that a single person can
|
|
easily be responsible for configuration and administration in a small organization.
|
|
Or, in a larger organization, you may prefer to have a number of different
|
|
individuals handle these responsibilities. The number of people that you need
|
|
on your team varies depending on the number of required skills that each team
|
|
member possesses, the types of platforms involved in your EIM implementation,
|
|
and how your organization prefers to divide its security roles and responsibilities.</p>
|
|
<p>A successful EIM implementation requires the configuration and interaction
|
|
of several software products. Because each of these products requires specific
|
|
skills and roles, you may choose to create an EIM implementation team that
|
|
consists of people from several different disciplines, particularly if you
|
|
work in a large organization.</p>
|
|
<p>The following information describes the skills and <a href="rzalveservereimauths.htm#rzalveservereimauths">EIM access control</a> authority
|
|
required to implement EIM successfully. These skills are presented in terms
|
|
of job titles for people who specialize in those skills. For example, a task
|
|
requiring Lightweight Directory Access Protocol (LDAP) skills is referred
|
|
to as a task for a Directory Server administrator.</p>
|
|
<div class="section"><h4 class="sectiontitle">Team members and their roles</h4><p>The following information
|
|
describes the responsibilities and required authority of the roles that are
|
|
needed for managing EIM. You can use this list of roles to determine the team
|
|
members that are needed to install and configure prerequisite products and
|
|
to configure EIM and one or more EIM domains.</p>
|
|
<p>One of the first sets
|
|
of roles that you need to define is the number and type of administrators
|
|
for your EIM domain. All personnel that are given EIM administrative duties
|
|
and authority need to be involved in the EIM planning process as members of
|
|
the EIM implementation team.</p>
|
|
<div class="note"><span class="notetitle">Note:</span> EIM administrators play an important
|
|
role in your organization and have as much power as individuals that are allowed
|
|
to create user identities on your systems. When they create EIM associations
|
|
for user identities, they determine who can access your computer systems and
|
|
what privileges they have when doing so. IBM<sup>®</sup> recommends that you give this authority
|
|
to those individuals in whom you have a high level of trust based on your
|
|
company's security policy. </div>
|
|
<p>The following table lists potential team
|
|
member roles and the tasks and skills needed for configuring and managing
|
|
EIM. For more detailed information about the EIM administrative tasks that
|
|
each role can perform, see <a href="rzalveservereimauths.htm#rzalveservereimauths">EIM access control</a>.</p>
|
|
<div class="note"><span class="notetitle">Note:</span> If
|
|
a single person in your organization will be responsible for all EIM configuration
|
|
and administration tasks, that person should be given the role and authority
|
|
of EIM administrator. </div>
|
|
<div class="p">
|
|
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><caption>Table 1. Roles,
|
|
tasks, and skills for configuring EIM</caption><thead align="left"><tr><th align="left" valign="top" width="33.33333333333333%" id="d0e49">Role</th>
|
|
<th valign="top" width="33.33333333333333%" id="d0e51">Authorized tasks</th>
|
|
<th align="left" valign="top" width="33.33333333333333%" id="d0e53">Required skills</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody><tr><td valign="top" width="33.33333333333333%" headers="d0e49 ">EIM administrator</td>
|
|
<td valign="top" width="33.33333333333333%" headers="d0e51 "><ul><li>Coordinating domain operations</li>
|
|
<li>Adding, removing, and changing registry definitions, EIM identifiers,
|
|
and associations for user identities</li>
|
|
<li>Controller authority to the data within an EIM domain</li>
|
|
</ul>
|
|
</td>
|
|
<td valign="top" width="33.33333333333333%" headers="d0e53 ">Knowledge of the EIM administration tools</td>
|
|
</tr>
|
|
<tr><td valign="top" width="33.33333333333333%" headers="d0e49 ">EIM identifiers administrator</td>
|
|
<td valign="top" width="33.33333333333333%" headers="d0e51 "><ul><li>Creating and changing EIM identifiers</li>
|
|
<li>Adding and removing administrative and source associations (cannot add
|
|
or remove target associations)</li>
|
|
</ul>
|
|
</td>
|
|
<td valign="top" width="33.33333333333333%" headers="d0e53 ">Knowledge of the EIM administration tools</td>
|
|
</tr>
|
|
<tr><td valign="top" width="33.33333333333333%" headers="d0e49 ">EIM registries administrator</td>
|
|
<td valign="top" width="33.33333333333333%" headers="d0e51 ">Managing all EIM registry definitions: <ul><li>Adding and removing target associations (cannot add or remove source and
|
|
administrative associations)</li>
|
|
<li>Updating EIM registry definitions</li>
|
|
</ul>
|
|
</td>
|
|
<td valign="top" width="33.33333333333333%" headers="d0e53 ">Knowledge of: <ul><li>All the user registries defined to the EIM domain (such as information
|
|
about user identities)</li>
|
|
<li>The EIM administration tools</li>
|
|
</ul>
|
|
</td>
|
|
</tr>
|
|
<tr><td valign="top" width="33.33333333333333%" headers="d0e49 ">EIM registry X administrator</td>
|
|
<td valign="top" width="33.33333333333333%" headers="d0e51 ">Managing a specific EIM registry definition: <ul><li>Adding and removing target associations for a specific user registry (for
|
|
example, registry X)</li>
|
|
<li>Updating a specific EIM registry definition</li>
|
|
</ul>
|
|
</td>
|
|
<td valign="top" width="33.33333333333333%" headers="d0e53 ">Knowledge of: <ul><li>The particular user registry defined to the EIM domain (such as information
|
|
about user identities)</li>
|
|
<li>The EIM administration tools</li>
|
|
</ul>
|
|
</td>
|
|
</tr>
|
|
<tr><td valign="top" width="33.33333333333333%" headers="d0e49 ">Directory server (LDAP) administrator</td>
|
|
<td valign="top" width="33.33333333333333%" headers="d0e51 "><ul><li>Installing and configuring a directory server (if necessary)</li>
|
|
<li>Customizing directory server configuration for EIM</li>
|
|
<li>Creating an EIM domain (see note)</li>
|
|
<li>Defining users that are authorized to access the EIM domain controller</li>
|
|
<li>Optional: Defining the first EIM administrator<div class="note"><span class="notetitle">Note:</span> The directory server
|
|
administrator can do can do everything that an EIM administrator can do.</div>
|
|
</li>
|
|
</ul>
|
|
</td>
|
|
<td valign="top" width="33.33333333333333%" headers="d0e53 ">Knowledge of: <ul><li>Directory server installation, configuration, and customization</li>
|
|
<li>EIM administration tools</li>
|
|
</ul>
|
|
</td>
|
|
</tr>
|
|
<tr><td valign="top" width="33.33333333333333%" headers="d0e49 ">User registry administrator</td>
|
|
<td valign="top" width="33.33333333333333%" headers="d0e51 "><ul><li>Setting up user profiles or user identities for a specific user registry</li>
|
|
<li>Optional: Serving as an EIM registry administrator for specified user
|
|
registry</li>
|
|
</ul>
|
|
</td>
|
|
<td valign="top" width="33.33333333333333%" headers="d0e53 ">Knowledge of: <ul><li>Tools for administering the user registry</li>
|
|
<li>EIM administration tools</li>
|
|
</ul>
|
|
</td>
|
|
</tr>
|
|
<tr><td valign="top" width="33.33333333333333%" headers="d0e49 ">System programmer or System administrator</td>
|
|
<td valign="top" width="33.33333333333333%" headers="d0e51 ">Installing needed software products (may include installing
|
|
EIM)</td>
|
|
<td valign="top" width="33.33333333333333%" headers="d0e53 ">Knowledge of: <ul><li>System programming or administration skills</li>
|
|
<li>Installation procedures for the platform</li>
|
|
</ul>
|
|
</td>
|
|
</tr>
|
|
<tr><td valign="top" width="33.33333333333333%" headers="d0e49 ">Application programmer</td>
|
|
<td valign="top" width="33.33333333333333%" headers="d0e51 "><p>Writing applications that use EIM APIs</p>
|
|
</td>
|
|
<td valign="top" width="33.33333333333333%" headers="d0e53 ">Knowledge of: <ul><li>Platform</li>
|
|
<li>Programming skills </li>
|
|
<li>Compiling programs</li>
|
|
</ul>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<p>After you identify which roles you want to use for configuring
|
|
and managing EIM in your enterprise, you can <a href="rzalv_plan_domain.htm#rzalv_plan_domain">plan an EIM domain</a>.</p>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzalv_plan_eim_for_eserver.htm">Plan Enterprise Identity Mapping for eServer</a></div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |