Monday 2 July 2018

Adding Multiple Access Owners for a Permission and Setting Up an IGI Certification Campaign for Them

For the past few months I had the chance to get my hands on the IBM IGI product. So far the product seemed good, but it is still a little backward considering other governance tools like Aveksa and SailPoint.
It's got the potential, but it purely depends on the developers at IBM which way it is to go... but from my past experience with CrossIdeas I have to say it's grown a lot... really a lot...

OK, so moving on to the topic...
In IGI, the options visible by default in the GUI allow only one access owner to be added to a permission (basically a group or access in AD, Linux, etc.).

But sometimes, as with other tools, we might need to configure multiple owners for a permission. By default, the option of configuring multiple owners is generally not enabled.
To enable it we will have to tweak the tool a little...

Follow the steps below:

1. Log in to IGI. Go to Access Governance Core > Configure > Admin Roles. Check whether two IT Roles named “UserReviewer” and “EntitlementReviewer” for the application “AccessCertifier” are already present. These two roles should be present by default unless they have been forcibly removed.
2. If the roles are not there, do not panic; just create them for the application AccessCertifier.
3. Now create a Business Role with the name “Entitlement Owner”.
4. Browse to the Organizational Units tab, click on the Actions tab, click on Add, select the topmost OU and click on the OK button. (This part is optional: if you are using a rule to push this information then you will certainly need to do this; if you are doing it manually you can skip it.)
5. Select the option Hierarchy, make sure Enabled is Yes and click on the OK button.
6. Select the Entitlement Owner Business Role and, in the Management tab, add the two IT Roles UserReviewer and EntitlementReviewer using the Action button.
7. Now click on the user tab and search for the user you want to make an owner. On selecting the user it will show all the permissions; select and add the permissions that the selected person will be the owner of.

So if you want to automate this, can you do it? Yes, we can. Basically you will have to write a rule to do this.

To use an access owner certification, go to the reviewers tab and select the option entitlement under entity.
Basically it will initiate a campaign for all the entitlements selected under this campaign and set their reviewers to the ones set as their owners.

Now the question is: what happens to the default owners that are set on the permission directly rather than through the admin role? Well, they will also be considered access owners for that entitlement, and they will also get a review for that entitlement.