Understanding Scoping

Before diving into specific configurations in CA Identity Portal, it is important to understand the scoping mechanism.
Administrative roles are used in identity management for managing individual business requirements. A role defines what operations can be performed by a user.
These operations determine whether a user can acquire access, or request it, for different entitlements or business flows in the organization.
When a user logs in to CA Identity Portal, the CA Identity Portal connectors pull this information. CA Identity Portal then calculates and translates this information and allows the user to request access or trigger flows only for what they are allowed to.
This calculation is performed in several scenarios:
  • After selecting a user in the access module: CA Identity Portal calculates which permissions the logged-in user is allowed to request for the selected user.
  • In Modules: CA Identity Portal calculates which invocation operations (operations of type USER and GROUP) are within the logged-in user's scope for the selected user.
CA Identity Portal offers an additional layer of scoping in the access module, which can be configured in the target permissions rule.
For more information, see Create Target Permissions.
For specific scoping configurations, see Scoping.