Administrator Guide

Data Archive Roles and LDAP Security Groups

When you configure LDAP authentication, you can enable role assignment synchronization. However, LDAP directory services do not have a role concept. Use security groups to represent Data Archive roles.
If you enable role assignment synchronization, create a security group for each system-defined role and Data Vault access role that exists in Data Archive. After you create security groups, you can assign the security groups to users and to groups of users. When Data Archive synchronizes users, Data Archive reviews the security groups that are assigned to users and groups. If a security group name matches the technical name of a Data Archive role, then Data Archive assigns the role to the user.
Use the following rules and guidelines when you create security groups in the LDAP directory service:
  • Create one security group for each Data Archive system-defined role and Data Vault access role.
  • The name of the LDAP security group for a Data Vault access role must match the unique name of that Data Vault access role.
    To get the names of Data Vault access roles, go to Data Archive, click Administration > Manage Roles and select the Access Roles tab. You will see the list of Data Vault access roles.
  • The name of the LDAP security group for a system-defined role must match the technical name of that system-defined role.
    To get the technical names of system-defined roles, view the AM_ROLES table in the ILM repository or see the reference table below.
  • LDAP security group names are not case sensitive.
  • LDAP security groups are not managed as groups in Data Archive. You must enter the appropriate value in the User Filter field of the Sync with LDAP Server job to enable Data Archive to identify individual users in an LDAP security group.
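
Because a role is granted purely on a case-insensitive name match, it helps to preview which directory groups would map to which roles before you enable synchronization. The following offline audit is an added example, not Informatica code: it reports roles with no matching group, roles matched by more than one group, and the users each match would reach. The role names, group names, users, and the nested-group expansion are constructed assumptions for illustration.

```python
def normalize(name):
    # Per the guidelines above, group names are matched without regard to case.
    return name.strip().casefold()

def expand_users(group, groups, seen=None):
    """Users reachable from a group, following nested groups and ignoring cycles."""
    seen = set() if seen is None else seen
    if group in seen:
        return set()
    seen.add(group)
    users = set()
    for member in groups.get(group, []):
        if member in groups:              # member is itself a group
            users |= expand_users(member, groups, seen)
        else:
            users.add(member)
    return users

def audit(role_names, groups):
    """role_names: system-defined role technical names plus Data Vault access role names.
    groups: {LDAP group name: [member users or nested group names]} exported from the directory."""
    roles = {normalize(r): r for r in role_names}
    matched = {}
    for g in groups:
        key = normalize(g)
        if key in roles:
            matched.setdefault(roles[key], []).append(g)
    missing = sorted(set(role_names) - set(matched))       # roles nobody can receive
    duplicates = {r: sorted(gs) for r, gs in matched.items() if len(gs) > 1}
    grants = {}
    for role, gs in matched.items():
        for g in gs:
            for user in expand_users(g, groups):
                grants.setdefault(user, set()).add(role)
    return missing, duplicates, grants

# Constructed sample data (placeholder names, not real Data Archive roles).
ROLES = ["EXAMPLE_ADMIN_ROLE", "EXAMPLE_VIEWER_ROLE", "Example_Vault_Access"]
GROUPS = {
    "example_admin_role": ["alice", "dba-team"],
    "EXAMPLE_ADMIN_ROLE": ["dave"],       # second group (e.g. another OU), differs only in case
    "example_vault_access": ["bob"],
    "dba-team": ["carol", "dba-team"],    # ordinary group with a self-reference
}

if __name__ == "__main__":
    missing, duplicates, grants = audit(ROLES, GROUPS)
    print("Roles with no LDAP group:", missing)
    print("Roles matched by several groups:", duplicates)
    for user in sorted(grants):
        print(user, "->", sorted(grants[user]))
```

Review any group in the duplicates report, and any user in the grants report who should not hold the role, before running the Sync with LDAP Server job.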
