Role |
- Role Name
- The name of a role.
- Role Description
- The description of a role.
- Role Type
- The type of a role. The valid values are Static and Dynamic.
- Role Access Enabled
- Represents whether an access for a role is enabled or not. True represents Enabled, and False represents Disabled.
- Role Common Access Enabled
- Represents whether a common access for the role is enabled or not. The valid values are True and False.
- Role Access Type
- The type of an access that is enabled for a role.
- Role Business Unit Name
- The name of a business unit to which the role belongs.
- Role Dn
- An LDAP distinguished name for the role.
- Role Business Unit Dn
- An LDAP distinguished name for the business unit of a role.
- Role Business Unit Container Dn
- An LDAP distinguished name for the parent organization of the business unit.
- Role Business Supervisor
- The supervisor of a user for the business unit.
|
Role Owner |
- Role Owner Name
- The name of an owner of the role.
- Role Owner Type
- Indicates whether the owner is a role or a user. The valid values are User and Role.
- Role Owner Business Unit
- The business unit to which the role owner belongs.
- Role Dn
- An LDAP distinguished name for a role.
|
Parent Roles |
- Parent Role Name
- The name of the parent role.
- Parent Role Dn
- An LDAP distinguished name for the role.
- Parent Business Unit Dn
- An LDAP distinguished name for the business unit of the parent role.
|
Role Assignment Attributes |
- Attribute Name
- The name of an attribute.
- Role Dn
- An LDAP distinguished name for the role to which an attribute is assigned.
|
Role Members |
- Role Member First Name
- The given name of a role member.
- Role Member Last Name
- The surname of a role member.
- Role Member Attribute Name
- The name of the assignment attribute that is associated with a role member.
- Role Member Attribute Value
- An assignment attribute value that is associated with a role member.
- Role Member Dn
- An LDAP distinguished name for a role member.
- Role Member Business Unit Dn
- An LDAP distinguished name for the business unit of a role member.
|
Role ACI |
- Role ACI Name
- The name of an ACI that applies to a role.
- Role ACI Protection Category
- The type of a role that is protected by an ACI. The valid values are Static Role and Dynamic Role.
- Role ACI Scope
- The scope of an ACI. It determines whether an ACI applies to subunits of a business organization or not. The valid values and their meanings:
  - single - The policy applies to a business unit and not its subunits.
  - subtree - The policy applies to the subunits of a business organization.
- Role ACI Member Name
- The members who are governed by an ACI. The valid values are:
  - All users in the system.
  - The supervisor of the business unit in which the role resides.
  - The owners of the role.
  - The administrator of the domain in which the role resides.
  - The sponsor of the business partner organization in which the role resides.
- Role ACI System Group Name
- Represents the name of the group whose members are governed by an ACI.
- Role ACI Business Unit Dn
- An LDAP distinguished name for a business unit.
- Role ACI System Group Dn
- An LDAP distinguished name for a system group.
|
ACI Operations |
- ACI Operation Name
- The name of an operation that is governed by an ACI.
- ACI Operation Permission
- The permission applicable on an ACI operation. The valid values are grant, deny, and none.
- ACI Business Unit Dn
- An LDAP distinguished name for the business unit to which an ACI applies.
|
ACI Attribute Permissions |
- ACI Attribute Name
- The name of an LDAP attribute on which the permissions are controlled by an ACI.
- ACI Attribute Operation
- The name of an operation that an ACI governs.
- ACI Attribute Permission
- The permission applicable on an ACI operation. The valid values are grant and deny.
- ACI Business Unit Dn
- An LDAP distinguished name for a business unit to which an ACI applies.
|
Recertification Policy |
- Recertification Policy Name
- The name of the recertification policy.
- Recertification Policy Type
- The type of an entity that gets recertified by using this policy. The valid values are: Account, Access, and Identity.
- Recertification Policy Description
- Describes the policy as specified in the policy configuration.
- Recertification Policy Enabled
- Shows whether or not the policy is enabled.
- Recertification Policy Scheduling Mode
- The recertification scheduling modes. The valid values are CALENDAR and ROLLING.
- Recertification Policy Rolling Interval
- Represents the recertification period if the recertification policy scheduling mode is ROLLING. No value in this query item indicates that the scheduling is not in the ROLLING mode.
- Recertification Policy Reject Action
- An action that is taken if the recertification is rejected.
- Recertification Policy Timeout Period in Days
- The duration during which a recertifier must act.
- Recertification Policy Timeout Action
- The automatic action that must be taken if the recertification times out.
- Recertification Policy DN
- An LDAP distinguished name for the recertification policy.
- Recertification Policy Container DN
- An LDAP distinguished name for a business unit to which the recertification policy applies.
- Recertification Policy IsCustom
- Indicates whether the recertification policy is customized or not. It is defined in the workflow.
- Recertification Policy User Class
- The type of a user to which the recertification policy applies. The valid values are All, Person, and Business Partner Person.
|
Recertification Policy Business Unit |
- Business Unit Name
- The name of a business unit.
- Business Unit Supervisor
- The user supervisor of a business unit.
- Business Unit Dn
- An LDAP distinguished name for a business unit.
- Business Unit Container DN
- An LDAP distinguished name for the parent business unit.
|
Provisioning Policy |
- Provisioning Policy Name
- The name of the provisioning policy.
- Provisioning Policy Business Unit Name
- The name of a business unit to which the provisioning policy applies.
- Provisioning Policy Dn
- An LDAP distinguished name for the provisioning policy.
- Provisioning Policy Business Unit Dn
- An LDAP distinguished name for the business unit to which the provisioning policy applies.
- Provisioning Policy Business Supervisor
- A user supervisor for the provisioning policy business unit.
|
Shared Access Policy |
- Shared Access Policy Name
- The name of a shared access policy.
- Shared Access Policy Description
- The description of the shared access policy.
- Shared Access Policy Business Unit Name
- The name of a business unit to which the shared access policy applies.
- Shared Access Policy Scope
- The scope of a shared access policy in terms of the business units to which the policy applies. 1 represents that the policy applies to the business unit only, and 2 indicates that the policy applies to the sub business units also.
- Shared Access Policy Status
- Represents whether a policy is enabled or not. 0 represents Enabled, and 1 represents Disabled.
- Shared Access Business Unit Supervisor
- A user supervisor for the shared access policy business unit.
- Shared Access Policy ID
- A unique numeric identifier that is assigned to the policy by IBM Verify Identity Governance.
- Shared Access Policy Business Unit Dn
- An LDAP distinguished name for the business unit to which a shared access policy applies.
|
Separation of Duty Policy |
- Separation of Duty Policy Name
- The name of the separation of duty policy.
- Separation of Duty Policy Description
- The description of the separation of duty policy.
- Separation of Duty Policy Business Unit Name
- The name of the business unit to which the separation of duty policy applies.
- Separation of Duty Policy Enabled
- Represents whether the policy is enabled or not. True represents Enabled, and False represents Disabled.
- Separation of Duty Policy Owner Name
- The name of an owner of the separation of duty policy.
- Separation of Duty Policy Owner Type
- The type of an owner for the separation of duty policy. The valid values are Role and Person.
- Separation of Duty Policy Owner Business Unit Name
- The name of the business unit that applies to the policy owner.
- Separation of Duty Policy Id
- A unique numeric identifier that IBM Verify Identity Governance assigns to the policy.
- Separation of Duty Policy Owner Dn
- An LDAP distinguished name for the policy owner.
|
Separation of Duty Rule |
- Separation of Duty Rule Name
- The name of the separation of duty rule.
- Separation of Duty Rule Max Roles Allowed
- The maximum number of roles that are allowed in a rule.
- Separation of Duty Rule Version
- A numeric identifier for the current version of the rule that applies to a policy.
- Separation of Duty Rule Id
- A unique numeric identifier that IBM Verify Identity Governance assigns to the rule.
- Separation of Duty Policy Id
- A unique numeric identifier that IBM Verify Identity Governance assigns to the policy.
- Separation of Duty Role Id
- A unique numeric identifier that IBM Verify Identity Governance assigns to the role.
|