Chatta subito con l'assistenza
Chat con il supporto

Identity Manager 8.1.5 - Administration Guide for Connecting to IBM Notes

Managing IBM Notes environments Setting up IBM Notes synchronization Basic configuration data Notes domains Notes certificates Notes templates Notes policies Notes user accounts Notes groups Mail-in databases Notes server Using AdminP requests for handling IBM Notes processes Reports about Notes domains Configuration parameters for synchronizing a Notes domain Default project template for IBM Notes

Deleting and restoring Notes user accounts

If a user account is deleted in One Identity Manager, it is initially marked for deletion. The user account is therefore locked. Depending on the deferred deletion setting, the user account is either deleted immediately from the address books and One Identity Manager database or at a later date.

NOTE: As long as an account definition for an employee is valid, the employee retains the user account that was created by it. If the assignment of an account definition is removed, the user account that was created from this account definition is deleted.

To delete a user account

  1. Select the IBM Notes | User accounts category.
  2. Select the user account in the result list.
  3. Click to delete the user account.
  4. Confirm the security prompt with Yes.

To restore a user account

  1. Select the IBM Notes | User accounts category.
  2. Select the user account in the result list.
  3. Click in the result list.
Configuring deferred deletion

By default, user accounts are finally deleted from the database after 30 days.The user accounts are initially disabled. You can reenable the user accounts until deferred deletion is run. After deferred deletion is run, the user accounts are deleted from the database and cannot be restored anymore.In the Designer, you can set an alternative delay on the NDOUser table.

Related topics

Notes groups

Users, mail-in databases, groups, and servers can be grouped together into Notes groups. IBM Notes divides groups into different group types. The group's type specifies its intended purpose and whether it is visible in the Domino Directory.

To edit group master data

  1. Select the IBM Notes | Groups category.
  2. Select the group in the result list. Select the Change master data task.

    - OR -

    Click in the result list.

  3. Edit the group's master data.
  4. Save the changes.
Detailed information about this topic

General master data for Notes groups

Table 44: Configuration parameters for risk assessment of user accounts

Configuration parameter

Effect when set

QER | CalculateRiskIndex

Preprocessor relevant configuration parameter controlling system components for calculating an employee's risk index. Changes to the parameter require recompiling the database.

If the parameter is enabled, values for the risk index can be entered and calculated.

Enter the following data for groups.

Table 45: General master data for a Notes group
Property Description
Group Name of the group.
Display name Display name of the group.
Notes domain Domain in which the group is managed.
Group type Purpose of the group. The group type defines the visibility of the group in the Domino directory.

Applicable group types are:

  • 0 - Multi-purpose
  • 1 - Mail only
  • 2 - ACL only
  • 3 - Deny List only
  • 4 - Servers only
Parent Notes group Unique identifier of the dynamic group to which the extension group belongs. This property is maintained for all extension groups in a dynamic group.
Service item Service item data for requesting the group through the IT Shop.
Internet address Internet email address of the group.
Notes category Categorizes the group further. To create a new Notes category, click .

Risk index

Value for evaluating the risk of assigning the group to user accounts. Enter a value between 0 and 1. This input field is only visible if the QER | CalculateRiskIndex configuration parameter is activated.

For more detailed information, see the One Identity Manager Risk Assessment Administration Guide.

Category Categories for group inheritance. Groups can be selectively inherited by user accounts. To do this, groups and user accounts are divided into categories. Select one or more categories from the menu.

For more detailed information, see the One Identity Manager Target System Base Module Administration Guide.

Import dynamic members Method for specifying members of a dynamic group. Select "Home server" if the group members are determined dynamically from the home server members. Excluded and additional lists are synchronized for this group. Select "none" if the group is not dynamic.
Description Text field for additional explanation.
Allow foreign directory synchronization Specifies whether the information about this group can be forwarded to a foreign directory.
Locked group Specifies whether the group is set as a denied access group.
IT Shop

Specifies whether the group can be requested through the IT Shop. If this option is set, the group can be requested by the employees through the Web Portal and distributed with a defined approval process. The group can still be assigned directly to hierarchical roles.

The option cannot be set if the group is a dynamic group.

For more detailed information, see the One Identity Manager IT Shop Administration Guide.

Only for use in IT Shop

Specifies whether the group can only be requested through the IT Shop. If this option is set, the group can be requested by the employees through the Web Portal and distributed with a defined approval process. Direct assignment of the group to hierarchical roles or user accounts is not permitted.

Dynamic group Specifies whether this is a dynamic group. This option is set depending on the setting of "Import dynamic members".
Detailed information about this topic

Assigning Notes groups to Notes user accounts

Groups can be assigned directly or indirectly to employees. In the case of indirect assignment, employees, and groups are arranged in hierarchical roles. The number of groups assigned to an employee is calculated from the position in the hierarchy and the direction of inheritance. If you add an employee to hierarchical roles and that employee owns a user account, this user account is added to the group. Prerequisites for indirect assignment of employees to user accounts:

  • Assignment of employees and groups is permitted for role classes (departments, cost centers, locations, or business roles).
  • User accounts are marked with the Groups can be inherited option.
  • User accounts and groups belong to the same domain.

Groups can also be assigned to employees through IT Shop requests. So that groups can be assigned using IT Shop requests, employees are added to a shop as customers. All groups are assigned to this shop can be requested by the customers. Requested groups are assigned to the employees after approval is granted.

For more detailed information about inheriting company resources, see the One Identity Manager Identity Management Base Module Administration Guide.

Detailed information about this topic
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione