EIM access control group: EIM task authority
This information displays a table that explains the relationships between the different Enterprise Identity Mapping (EIM) access control groups and the EIM tasks that they can perform.
Although the LDAP administrator is not listed in the table, this level of access control is required to create a new EIM domain. Also, the LDAP administrator has the same access control as the EIM administrator, but the EIM administrator does not automatically have LDAP administrator access control.
| EIM task | EIM administrator | Identifier administrator | EIM mapping lookup operations | Registry administrator | Administrator for selected registry | Credential lookup |
|---|---|---|---|---|---|---|
| Create domain | - | - | - | - | - | |
| Delete domain | X | - | - | - | - | |
| Modify domain | X | - | - | - | - | |
| Enable/Disable Policy Associations for Domain | X | - | - | - | - | |
| Search for Domains | X | - | - | - | - | |
| Add System Registry | X | - | - | - | - | |
| Add Application Registry | X | - | - | - | - | |
| Remove Registry | X | - | - | - | - | |
| Modify Registry | X | - | - | X | X | |
| Enable/Disable Mapping Lookups for Registry | X | - | - | X | X | |
| Enable/Disable Policy Associations for Registry | X | - | - | X | X | |
| Search for Registries | X | X | X | X | X | |
| Add Identifier | X | X | - | - | - | |
| Remove Identifier | X | - | - | - | - | |
| Modify Identifier | X | X | - | - | - | |
| Search for Identifiers | X | X | X | X | X | |
| Retrieve Associated Identifiers | X | X | X | X | X | |
| Add/Remove Administrative Association | X | X | - | - | - | |
| Add/Remove Source Association | X | X | - | - | - | |
| Add/Remove Target Association | X | - | - | X | X | |
| Add/Remove Policy Association | X | - | - | X | X | |
| Add/Remove certificate filter | X | - | - | X | X | |
| Search for Certificate Filter | X | X | X | X | X | |
| Search for Associations | X | X | X | X | X | |
| Search for Policy Associations | X | X | X | X | X | |
| Retrieve Target Association from Source Association | X | X | X | X | - | |
| Retrieve Target Association from Identifier | X | X | X | X | X | |
| Modify Registry Users | X | - | - | X | X | |
| Search for Registry Users | X | X | X | X | X | |
| Modify Registry Alias | X | - | - | X | X | |
| Search for Registry Aliases | X | X | X | X | X | |
| Retrieve Registry from Alias | X | X | X | X | X | |
| Add/Remove EIM Access Control | X | - | - | - | - | |
| Display Access Control Group Members | X | - | - | - | - | |
| Display EIM Access Control for a Specified User | X | - | - | - | - | |
| Query EIM Access Control | X | - | - | - | - | |
| Modify Credential | X | - | - | - | - | - |
| Retrieve Credential | X | - | - | - | - | X |
| 1 - If the specified registry definition is a group registry definition, a user with Administrator for selected registries access control has administrator access to the group only, not to the members of the group. | ||||||