Creating a default registry policy association

To create a default registry policy association, you must be connected to the Enterprise Identity Mapping (EIM) domain in which you want to work and you must have EIM access control as either a Registry administrator or EIM administrator.

A policy association describes a relationship between multiple user identities and a single user identity in a target user registry. You can use a policy association to describe a relationship between a source set of multiple user identities and a single target user identity in a specified target user registry. Policy associations use EIM mapping policy support to create many-to-one mappings between user identities without involving an EIM identifier.

Note: Because you can use policy associations in a variety of overlapping ways, you need to have a thorough understanding of EIM mapping policy support before you create and use policy associations. Also, to prevent potential problems with associations and how they map identities, you need to develop an overall identity mapping plan for your enterprise before you begin defining associations.

In a default registry policy association, all users in a single registry are the source of the policy association and are mapped to a single target registry and target user. When you enable the default registry policy association for the target registry, the policy association ensures that these source user identities can all be mapped to a single specified target registry and target user.

To create a default registry policy association, complete these steps:

  1. From IBM® Navigator for i, expand Security > All Tasks > Enterprise Identity Mapping.
  2. Click Domain Management.
  3. Right-click the EIM domain in which you want to work and select Mapping Policy.
  4. Select Enable mapping lookups using policy associations for domain on the General page.
  5. In the Add Default Registry Policy Association dialog, specify the following required information:
    • The registry definition name of the Source registry for the policy association.
    • The registry definition name of the Target registry for the policy association.
    • The user identity name of the Target user for the policy association.
  6. Click ? for help, if necessary, for more details about how to complete this and subsequent dialogs.
  7. Optional. Click Advanced to display the Add Association - Advanced dialog. Specify lookup information for the policy association and click OK to return to the Add Default Registry Policy Association dialog.
    If two or more policy associations with the same source registry refer to the same target registry, you must define unique lookup information for each of the target user identities in these policy associations. By defining lookup information for each target user identity in this situation, you ensure that mapping lookup operations can distinguish between them. Otherwise, mapping lookup operations may return multiple target user identities. As a result of these ambiguous results, applications that rely on EIM may not be able to determine the exact target identity to use.
  8. Click OK to create the new policy association and return to the Registry page. The new default registry policy association now displays in Default policy associations.
  9. Verify that the new policy association is enabled for the target registry.
  10. Click OK to save your changes and exit the Mapping Policy dialog.
    Note: Verify that mapping policy support and the use of policy associations for target user registry are properly enabled. If it is not enabled, the policy association can not take effect.