IBM Security Privileged Identity Manager, Version 2.1.1

Creating an access control item

As an administrator, you can create an access control item to specify a set of operations and permissions. Then, you can apply the access control item to the roles and groups that you want it to govern.

Before you begin

If you create an access control item that applies to a new group, create the group first.

About this task

You can use the Create access control item wizard to create additional access control items.

Procedure

  1. From the navigation tree, select Set System Security > Manage Access Control Items.
  2. On the Manage Access Control Items page, in the Access Control Items table, click Create.
  3. In the Create Access Control Item wizard, on the General page, specify the name of the access control item and a protection category. If you selected Account as your protection category, specify an object class. Specify the business unit to which the access control item applies, and whether business subunits are also controlled. Specify whether to apply protection to all objects, or to a subset of objects that are selected by a filter statement that you provide. Then, click Next.
  4. On the Operations page, select one or more operations, and set the permission to Grant, Deny, or None. Then, click Next.
  5. On the Permissions page, for each Read or Write field for each attribute, select Grant, Deny, or None. The table might contain multiple pages of attributes. Click the right arrow button to set permissions for other attributes on the other pages. Then, click Next.
  6. On the Membership page, specify the focus for roles or group membership that this access control item governs.
  7. Click Finish.
  8. On the Success page, click Close.

What to do next

You might associate the access control item with a customized group that you previously created.

After you create an access control item or change an existing access control item, run a data synchronization to ensure that other IBM® Security Privileged Identity Manager processes, such as the reporting engine, use the new or changed access control item.


