Enabling mapping lookup support and the use of policy associations for a target registry

Enterprise Identity Mapping (EIM) mapping policy support allows you to use policy associations as a means of creating many-to-one mappings in situations where associations between user identities and an EIM identifier do not exist. You can use a policy association to map a source set of multiple user identities (rather than a single user identity) to a single target user identity in a specified target user registry.

Before you can use policy associations, however, you must first ensure that you enable mapping lookups using policy associations for the domain. You must also enable one or two settings for each registry:

  • Enable mapping lookups for registry: Select this option to ensure that the registry can participate in EIM mapping lookup operations, regardless of whether the registry has any policy associations defined for it.
  • Use policy associations: Select this option to allow this registry to be the target registry of a policy association and ensure that it can participate in EIM mapping lookup operations.

If you do not enable mapping lookups for the registry, the registry cannot participate in EIM mapping lookup operations at all. If you do not specify that the registry use policy associations, then EIM mapping lookup operations ignore any policy associations for the registry when the registry is the target of the operation.

To enable mapping lookups to use policy associations for a target registry, you must be connected to the EIM domain in which you want to work and you must have EIM access control at one of these levels:

  • EIM administrator
  • Registry administrator
  • Administrator for selected registries (for the registry that you want to enable)

To enable mapping lookup support in general, and to allow the use of policy associations in particular, for a target registry, complete these steps:

  1. From IBM® Navigator for i, expand Security > Enterprise Identity Mapping (EIM).
  2. Click Domain Management.
    • If you are not currently connected to the EIM domain controller, a Connect to EIM Domain Controller dialog box is displayed. Enter the connection information to use for the connection to the EIM domain controller. Click OK.
  3. Right-click the EIM domain in which you want to work and select Open.
  4. Right-click User Registries and select Open to display the list of registry definitions within the domain.
    Note: If you have Administrator for selected registries access control, the list contains only those registry definitions to which you are specifically authorized.
  5. Right-click the registry definition for which you want to enable mapping policy support for policy associations and select Mapping Policy.
  6. On the General page, select Enable mapping lookups for registry. Selecting this option allows the registry to participate in EIM mapping lookup operations. If this option is not selected, a lookup operation cannot return data for the registry, regardless of whether the registry is the source registry or the target registry in a lookup operation.
  7. Select Use policy associations. Selecting this option allows lookup operations to use policy associations as the basis for returning data when the registry is the target of the lookup operation.
  8. Click OK to save your changes.
Note: Before any registry can use policy associations, you must also ensure that you enable policy associations for a domain.
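
The domain setting and the two registry settings combine as described above. The following added example (not IBM code, and it does not call any EIM API) models that combination so you can review an inventory of settings for registries whose policy associations would be ignored or whose settings have no effect. The field names, mode names, and registry names are hypothetical, and the sample inventory is constructed.

```python
from dataclasses import dataclass

@dataclass
class Registry:
    name: str
    lookups_enabled: bool   # "Enable mapping lookups for registry"
    use_policy: bool        # "Use policy associations"
    policy_assocs: int = 0  # policy associations that target this registry

def target_mode(domain_policy_enabled, reg):
    """Effective behaviour when `reg` is the target of a mapping lookup."""
    if not reg.lookups_enabled:
        return "no_lookups"              # cannot participate at all
    if domain_policy_enabled and reg.use_policy:
        return "lookups_with_policy"     # many-to-one mappings can be returned
    return "lookups_without_policy"      # policy associations are ignored

def audit(domain_policy_enabled, registries):
    """Return (registry, mode, finding) for settings that disagree with intent."""
    findings = []
    for reg in registries:
        mode = target_mode(domain_policy_enabled, reg)
        if reg.policy_assocs and mode != "lookups_with_policy":
            findings.append((reg.name, mode, "policy associations defined but ignored"))
        elif reg.use_policy and mode != "lookups_with_policy":
            findings.append((reg.name, mode, "Use policy associations has no effect"))
        elif mode == "lookups_with_policy" and not reg.policy_assocs:
            findings.append((reg.name, mode, "policy use enabled with nothing defined"))
    return findings

# Constructed sample inventory (registry names are hypothetical).
SAMPLE = [
    Registry("SYSTEM_A", True, True, 2),
    Registry("SYSTEM_B", True, False, 1),
    Registry("SYSTEM_C", False, True, 0),
    Registry("SYSTEM_D", True, True, 0),
]

if __name__ == "__main__":
    for domain_flag in (True, False):
        print("domain policy associations enabled:", domain_flag)
        for row in audit(domain_flag, SAMPLE):
            print("  ", row)
```

The inventory values would come from reviewing each registry's Mapping Policy page and the domain's mapping policy setting.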