| Person |
- Person Full Name
- The full name of a user.
- Person Last
Name
- The surname of a user.
- Person
Preferred User ID
- Represents the name that a user might prefer
during an account
creation.
- Person Email
- An email
address of a user.
- Person Status
- The status of the user entity. The valid values are
Active and Inactive.
- Person
Business Unit Name
- The name of the business unit to which
a user belongs.
- Person Administrative Assistant
Dn
- An LDAP distinguished name for the administrative assistant
of
a user.
- Person Dn
- An LDAP distinguished
name for a user.
- Person Business Unit Dn
- An LDAP distinguished name for the business unit to which a user
belongs.
- Person Business Unit Supervisor
- An LDAP distinguished name for the supervisor of the business
unit to which a user belongs.
|
| Person Aliases |
- Person Alias Name
- The
name of a user alias.
- Person Dn
- An LDAP distinguished name for the user to which an alias belongs.
|
| Person Manager |
- Person Full Name
- The full name of the manager.
- Person Last Name
- The surname of the
manager.
- Person Status
- The status
of the manager entity. The valid values are
Active and Inactive.
- Person
Dn
- An LDAP distinguished name for the manager.
- Person Business Unit Dn
- An LDAP distinguished
name for the business unit to which a manager
belongs.
- Person Supervisor
- The
user supervisor of the manager.
|
| Account |
- Account Name
- The name of an
account.
- Account Status
- The status
of an account. The valid values are
Active and Inactive.
- Account Compliance
- The compliance status of an account. The valid values are
Unknown, Compliant, Disallowed,
and Non Compliant.
- Account
Ownership Type
- The ownership type of an account. The valid
values are
Individual, System, Device,
and Vendor.
- Account Last
Access Date
- The last accessed date of an account.
- Account Service Name
- The name of the service
on which an account is provisioned.
- Account
Service Type
- The profile of the service on which an account
is provisioned.
- Account Service Url
- A URL that connects to the service on which an account is provisioned.
- Account Service Business Unit Name
- An LDAP distinguished name for the business unit to which a service
belongs.
- Account Dn
- An LDAP distinguished
name for an account.
- Account Service Dn
- An LDAP distinguished name for the service on which an account
is provisioned.
- Account Service Business
Unit Dn
- An LDAP distinguished name for the business unit to
which a service
belongs.
- Account Service Owner Dn
- An LDAP distinguished name for a user who is the owner of the
service.
- Account Service Business Unit
Supervisor Dn
- An LDAP distinguished name for the supervisor
of the business
unit to which a service belongs.
- Account
Owner Business Unit Dn
- An LDAP distinguished name for the
business unit of a user who
owns the account.
|
| Role |
- Role Name
- The name of a role.
- Role Description
- The description of a role.
- Role Type
- The type of a role. The valid
values are
Static and Dynamic.
- Role Access Enabled
- Represents whether
or not access for a role is enabled. True represents
Enabled, and False represents Disabled.
- Role Common Access Enabled
- Represents
whether or not common access for the role is enabled.
The valid values are
True and False.
- Role Access Type
- The type of
an access that is enabled for a role.
- Role
Dn
- An LDAP distinguished name for the role.
- Role Business Unit Dn
- An LDAP distinguished name
for the business unit of a role.
|
| Person ACI |
- ACI Name
- The name of the Access
Control Item (ACI).
- ACI Protection Category
- The category of an entity that an ACI protects. The value of this
item must be
Person.
- ACI
Target
- The type of the selected protection category that is
associated
with an ACI. The valid values are
inetOrgPerson and erPersonItem.
- ACI scope
- The scope of an ACI. It determines whether an ACI is applicable
to subunits of a business organization or not. The valid values and
their meanings:
single - The policy applies
to a business unit
and not its subunits.subtree - The policy
applies to the subunits
of a business organization.
- ACI
Business Unit Dn
- An LDAP distinguished name for the business
unit on which an ACI
is defined.
|
| ACI Operations |
- ACI Operation Name
- The name of an operation
that an ACI governs.
- ACI Operation Permission
- The permission that applies to an ACI operation. The valid values
are
grant, deny, and none.
- ACI Business Unit Dn
- An LDAP
distinguished name for the business unit.
|
| ACI Attribute Permissions |
- ACI Attribute Name
- The name of an attribute for which an ACI controls the permissions.
- ACI Attribute Operation
- The name of
an operation that can be run on an attribute. The
valid values are r for read operation, w for
write operation, and rw for read and write operations.
- ACI Attribute Permission
- The permission
that applies to an ACI operation. The valid values
are
grant and deny.
- ACI Business Unit Dn
- An LDAP distinguished name
for the business unit.
|
| ACI Members |
- ACI Member Name
- The members
that an ACI governs. The valid values are:
All Users - All users in the system.Profile Owner - The owner of the profile.Manager - The
manager of the profile owner.Sponsor - The
sponsor of the Business Partner
organization in which the person resides.Administrator - The administrator of the domain in
which the person resides.Service Owner-
The owner of the service.Access Owner -
The owner of an access.
- ACI System
Group Name
- Represents the name of the group whose members
are governed by
an ACI.
- ACI Business Unit Dn
- An
LDAP distinguished name for the business unit.
- ACI System Group Dn
- An LDAP distinguished name for the
system group.
|
| Supervised Business Unit |
- Business Unit Name
- The name
of a business unit.
- Business Unit Supervisor
- A user who is the supervisor of a business unit.
- Business Unit Dn
- An LDAP distinguished name for
the business unit to which a user
belongs.
- Business Unit Container Dn
- An LDAP distinguished name for the parent business unit of an
organization entity.
|
| Service Ownership |
- Service Name
- The name of a
service to which the accounts are provisioned.
- Service Dn
- An LDAP distinguished name for the service.
- Service Container Dn
- An LDAP distinguished
name for the business unit of a service.
- Service Owner Dn
- An LDAP distinguished name for a user who
owns the service.
- Service Url
- A
URL that connects to the managed resource.
- Service Type
- The service profile type.
|
| Roles Ownership |
- Role Name
- The name of a role.
- Role Description
- The description of a role.
- Role Type
- The type of a role. The valid values are
Static and Dynamic.
- Role Access
Enabled
- Represents whether an access for a role is enabled
or not. True represents
Enabled, and False represents Disabled.
- Role Common Access Enabled
- Represents
whether or not common access for the role is enabled.
The valid values are
True and False.
- Role Access Type
- The type of
an access that is enabled for a role.
- Role
Dn
- An LDAP distinguished name for a role.
- Role Business Unit Dn
- An LDAP distinguished name
for the business unit of a role.
|
| Group Ownership |
- Group Name
- The name
of a group for which an access is defined.
- Group Type
- The profile type of a group.
- Group Access Name
- The name of an access that is defined
for a group.
- Group Access Type
- The type of an access that is defined for a group.
- Group Service Name
- The name of a service on which
the group is provisioned.
- Group Service
Type
- The profile type of a service on which the group is provisioned.
- Group Service Url
- A URL that connects
to the service to which the group is provisioned.
- Group Service Business Unit Name
- The name of
a business unit to which the service belongs.
- Group Dn
- An LDAP distinguished name for a group entity
to which an access
is defined.
- Group Service Dn
- An
LDAP distinguished name for the service that is associated
to a group.
- Group Service Business Unit
Dn
- An LDAP distinguished name for the business unit to which
a service
belongs.
- Group Service Owner Dn
- An LDAP distinguished name for a user who owns the service.
- Group Service Business Unit Supervisor
- An LDAP distinguished name for the supervisor of a business unit
to which a service belongs.
|
| Credential Pool Ownership |
- Credential Pool Name
- The name of a credential pool.
- Credential
Pool Service Dn
- An LDAP distinguished name for a service to
which the group associated
with a credential pool is provisioned.
- Credential Pool Business Unit Dn
- An LDAP distinguished name
for the business unit of a credential
pool.
- Credential Pool Dn
- An LDAP
distinguished name for the credential pool.
|
| Separation of Duty Policy
Ownership |
- Separation of Duty Policy Name
- The name of the separation
of duty policy.
- Separation of Duty Policy
Description
- The description of the separation of duty policy.
- Separation of Duty Policy Enabled
- Indicates
whether or not the policy is enabled. True represents
Enabled, and False represents Disabled.
- Separation of Duty Policy Business Unit Name
- The name of a business unit to which the separation of duty policy
applies.
- Separation of Duty Policy Id
- A unique numeric identifier for the separation of duty policy.
|