| Person |
- Person Full Name
- The full name of a user.
- Person Last Name
- The surname of a user.
- Person Preferred User ID
- Represents the name that a user might prefer during an account
creation.
- Person Email
- An email address of a user.
- Person Status
- The status of the user entity. The valid values are
Active and Inactive.
- Person Business Unit Name
- The name of the business unit to which a user belongs.
- Person Administrative Assistant Dn
- An LDAP distinguished name for the administrative assistant of
a user.
- Person Dn
- An LDAP distinguished name for a user.
- Person Business Unit Dn
- An LDAP distinguished name for the business unit to which a user
belongs.
- Person Business Unit Supervisor
- An LDAP distinguished name for the supervisor of the business
unit to which a user belongs.
|
| Person Aliases |
- Person Alias Name
- The name of a user alias.
- Person Dn
- An LDAP distinguished name for the user to which an alias belongs.
|
| Person Manager |
- Person Full Name
- The full name of the manager.
- Person Last Name
- The surname of the manager.
- Person Status
- The status of the manager entity. The valid values are
Active and Inactive.
- Person Dn
- An LDAP distinguished name for the manager.
- Person Business Unit Dn
- An LDAP distinguished name for the business unit to which a manager
belongs.
- Person Supervisor
- The user supervisor of the manager.
|
| Account |
- Account Name
- The name of an account.
- Account Status
- The status of an account. The valid values are
Active and Inactive.
- Account Compliance
- The compliance status of an account. The valid values are
Unknown, Compliant, Disallowed,
and Non Compliant.
- Account Ownership Type
- The ownership type of an account. The valid values are
Individual, System, Device,
and Vendor.
- Account Last Access Date
- The last accessed date of an account.
- Account Service Name
- The name of the service on which an account is provisioned.
- Account Service Type
- The profile of the service on which an account is provisioned.
- Account Service Url
- A URL that connects to the service on which an account is provisioned.
- Account Service Business Unit Name
- An LDAP distinguished name for the business unit to which a service
belongs.
- Account Dn
- An LDAP distinguished name for an account.
- Account Service Dn
- An LDAP distinguished name for the service on which an account
is provisioned.
- Account Service Business Unit Dn
- An LDAP distinguished name for the business unit to which a service
belongs.
- Account Service Owner Dn
- An LDAP distinguished name for a user who is the owner of the
service.
- Account Service Business Unit Supervisor Dn
- An LDAP distinguished name for the supervisor of the business
unit to which a service belongs.
- Account Owner Business Unit Dn
- An LDAP distinguished name for the business unit of a user who
owns the account.
|
| Role |
- Role Name
- The name of a role.
- Role Description
- The description of a role.
- Role Type
- The type of a role. The valid values are
Static and Dynamic.
- Role Access Enabled
- Represents whether or not access for a role is enabled. True represents
Enabled, and False represents Disabled.
- Role Common Access Enabled
- Represents whether or not common access for the role is enabled.
The valid values are
True and False.
- Role Access Type
- The type of an access that is enabled for a role.
- Role Dn
- An LDAP distinguished name for the role.
- Role Business Unit Dn
- An LDAP distinguished name for the business unit of a role.
|
| Person ACI |
- ACI Name
- The name of the Access Control Item (ACI).
- ACI Protection Category
- The category of an entity that an ACI protects. The value of this
item must be
Person.
- ACI Target
- The type of the selected protection category that is associated
with an ACI. The valid values are
inetOrgPerson and erPersonItem.
- ACI scope
- The scope of an ACI. It determines whether an ACI is applicable
to subunits of a business organization or not. The valid values and
their meanings:
single - The policy applies to a business unit
and not its subunits.subtree - The policy applies to the subunits
of a business organization.
- ACI Business Unit Dn
- An LDAP distinguished name for the business unit on which an ACI
is defined.
|
| ACI Operations |
- ACI Operation Name
- The name of an operation that an ACI governs.
- ACI Operation Permission
- The permission that applies to an ACI operation. The valid values
are
grant, deny, and none.
- ACI Business Unit Dn
- An LDAP distinguished name for the business unit.
|
| ACI Attribute Permissions |
- ACI Attribute Name
- The name of an attribute for which an ACI controls the permissions.
- ACI Attribute Operation
- The name of an operation that can be run on an attribute. The
valid values are r for read operation, w for
write operation, and rw for read and write operations.
- ACI Attribute Permission
- The permission that applies to an ACI operation. The valid values
are
grant and deny.
- ACI Business Unit Dn
- An LDAP distinguished name for the business unit.
|
| ACI Members |
- ACI Member Name
- The members that an ACI governs. The valid values are:
All Users - All users in the system.Profile Owner - The owner of the profile.Manager - The manager of the profile owner.Sponsor - The sponsor of the Business Partner
organization in which the person resides.Administrator - The administrator of the domain
in which the person resides.Service Owner- The owner of the service.Access Owner - The owner of an access.
- ACI System Group Name
- Represents the name of the group whose members are governed by
an ACI.
- ACI Business Unit Dn
- An LDAP distinguished name for the business unit.
- ACI System Group Dn
- An LDAP distinguished name for the system group.
|
| Supervised Business Unit |
- Business Unit Name
- The name of a business unit.
- Business Unit Supervisor
- A user who is the supervisor of a business unit.
- Business Unit Dn
- An LDAP distinguished name for the business unit to which a user
belongs.
- Business Unit Container Dn
- An LDAP distinguished name for the parent business unit of an
organization entity.
|
| Service Ownership |
- Service Name
- The name of a service to which the accounts are provisioned.
- Service Dn
- An LDAP distinguished name for the service.
- Service Container Dn
- An LDAP distinguished name for the business unit of a service.
- Service Owner Dn
- An LDAP distinguished name for a user who owns the service.
- Service Url
- A URL that connects to the managed resource.
- Service Type
- The service profile type.
|
| Roles Ownership |
- Role Name
- The name of a role.
- Role Description
- The description of a role.
- Role Type
- The type of a role. The valid values are
Static and Dynamic.
- Role Access Enabled
- Represents whether an access for a role is enabled or not. True represents
Enabled, and False represents Disabled.
- Role Common Access Enabled
- Represents whether or not common access for the role is enabled.
The valid values are
True and False.
- Role Access Type
- The type of an access that is enabled for a role.
- Role Dn
- An LDAP distinguished name for a role.
- Role Business Unit Dn
- An LDAP distinguished name for the business unit of a role.
|
| Group Ownership |
- Group Name
- The name of a group for which an access is defined.
- Group Type
- The profile type of a group.
- Group Access Name
- The name of an access that is defined for a group.
- Group Access Type
- The type of an access that is defined for a group.
- Group Service Name
- The name of a service on which the group is provisioned.
- Group Service Type
- The profile type of a service on which the group is provisioned.
- Group Service Url
- A URL that connects to the service to which the group is provisioned.
- Group Service Business Unit Name
- The name of a business unit to which the service belongs.
- Group Dn
- An LDAP distinguished name for a group entity to which an access
is defined.
- Group Service Dn
- An LDAP distinguished name for the service that is associated
to a group.
- Group Service Business Unit Dn
- An LDAP distinguished name for the business unit to which a service
belongs.
- Group Service Owner Dn
- An LDAP distinguished name for a user who owns the service.
- Group Service Business Unit Supervisor
- An LDAP distinguished name for the supervisor of a business unit
to which a service belongs.
|
| Credential Pool Ownership |
- Credential Pool Name
- The name of a credential pool.
- Credential Pool Service Dn
- An LDAP distinguished name for a service to which the group associated
with a credential pool is provisioned.
- Credential Pool Business Unit Dn
- An LDAP distinguished name for the business unit of a credential
pool.
- Credential Pool Dn
- An LDAP distinguished name for the credential pool.
|
| Separation of Duty Policy Ownership |
- Separation of Duty Policy Name
- The name of the separation of duty policy.
- Separation of Duty Policy Description
- The description of the separation of duty policy.
- Separation of Duty Policy Enabled
- Indicates whether or not the policy is enabled. True represents
Enabled, and False represents Disabled.
- Separation of Duty Policy Business Unit Name
- The name of a business unit to which the separation of duty policy
applies.
- Separation of Duty Policy Id
- A unique numeric identifier for the separation of duty policy.
|
| User |
- Full Name
- The full name of the user.
- Last Name
- The surname of the user.
- Type
- The profile type of the user, which is either person or business
partner person.
- Status
- The status of the user, which is either Active and Inactive.
- Supervisor
- The supervisor of the user.
- Business Unit Name
- The name of the business unit to which a user belongs.
- Dn
- An LDAP distinguished name for a user.
- Business Unit Dn
- An LDAP distinguished name for the business unit to which a user
belongs.
|