Removing lookup information from a target user identity

Lookup information is optional unique identifying data for the target user identity defined in an association. This association can be either an identifier target association or a policy association.

Lookup information is necessary only when a mapping lookup operation can return more than one target user identity. This situation can create problems for Enterprise Identity Mapping (EIM) enabled applications, including IBM® i applications and products, that are not designed to handle these ambiguous results.

This lookup information must be provided to the mapping lookup operation to ensure that the operation can return a unique target user identity. However, if previously defined lookup information is no longer necessary, you may want to remove the lookup information so that it no longer needs to be supplied for lookup operations.

How you remove lookup information from a target user identity varies based on whether the target user identity is defined in an identifier association or a target association. Lookup information is tied to the target user identity, not the identifier associations or policy associations in which that user identity is found. Consequently, when you delete the last identifier association or policy association that defines that target user identity, both the user identity and the lookup information are deleted from the EIM domain.

Remove lookup information for a target user identity in an identifier association

To remove lookup information for the target user identity in an identifier association, you must be connected to the EIM domain in which you want to work and you must have EIM access control at one of these levels:

Registry administrator.
Administrator for selected registries (for the registry definition that refers to the user registry that contains the target user identity).
EIM administrator.

To remove lookup information for the target user identity in an identifier association, complete these steps:

From IBM Navigator for i, expand Security > All Tasks > Enterprise Identity Mapping.
Click Domain Management.
Right-click the EIM domain in which you want to work and select Open.
- If the EIM domain you want to work with is not listed under Domain Management, review Adding an EIM domain to the Domain Management folder.
- If you are not currently connected to the EIM domain in which you want to work, review Connect to the EIM domain controller.
Right-click Identifiers and select Open to display the list of EIM identifiers for the domain.
Right-click an EIM identifier and select Properties.
Select the Associations page, select the target association for the user identity for which you want to remove lookup information, and click Details.
In the Association - Details dialog, select the lookup information that you want to remove from the target user identity and click Remove.
Note: There is no confirmation prompt when you click Remove.
Click OK to save your changes and to return to the Association - Details dialog.
Click OK to exit.

Remove lookup information for a target user identity in a policy association

To remove lookup information for the target user identity in a policy association, you must be connected to the EIM domain in which you want to work and you must have EIM access control at one of these levels:

Registry administrator.
Administrator for selected registries (for the registry definition that refers to the user registry that contains the target user identity (ID).
EIM administrator.

To remove lookup information for the target user identity in a policy association, complete these steps:

From IBM Navigator for i, expand Security > All Tasks > Enterprise Identity Mapping.
Click Domain Management.
Right-click the EIM domain in which you want to work and select Mapping Policy.
- If the EIM domain you want to work with is not listed under Domain Management, review Adding an EIM domain to the Domain Management folder.
- If you are not currently connected to the EIM domain in which you want to work, review Connect to the EIM domain controller.
In the Mapping Policy dialog, use the pages to view policy associations for the domain.
Find and select the policy association for the target registry that contains the target user identity for which you want to remove lookup information.
Click Details to display the appropriate Policy Association - Details dialog for the type of policy association that you selected.
Select the lookup information that you want to remove from the target user identity and click Remove.
Note: There is no confirmation prompt when you click Remove.
Click OK to save your changes and to return to the original Policy Association - Details dialog.
Click OK to exit.