Access control items

An access control item (ACI) is data that identifies the permissions that users have for a specific type of resource. You create an access control item to specify a set of operations and permissions. You also identify which groups use the access control item.

An access control item defines these items:
  • The entity types to which the access control item applies
  • Operations that users might perform on entity types
  • Attributes of the entity types that users might read or write
  • The set of users that is governed by the access control item

IBM® Security Identity Manager provides default access control items.

You can also create a customized access control item. For example, a customized access control item might limit the ability of a specific Help Desk Assistant group to change information for other users. Access control items can also specify relationships such as Manager or Service Owner.
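The following sketch is an added example, not IBM code and not the Security Identity Manager storage format or evaluation logic. It models the four parts of an access control item for the Help Desk Assistant and Manager cases described above. The field names, the sample attributes and users, and the rule that a request with no granting ACI is denied are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ACI:  # hypothetical model of the four parts listed above
    name: str
    entity_type: str                        # entity type the ACI applies to
    operations: frozenset = frozenset()     # operations allowed on that type
    read_attrs: frozenset = frozenset()     # attributes members may read
    write_attrs: frozenset = frozenset()    # attributes members may write
    groups: frozenset = frozenset()         # membership by group
    relationships: frozenset = frozenset()  # membership by relationship

def governed(aci, user, target):
    """True when the ACI's membership covers this user for this target."""
    if aci.groups & user["groups"]:
        return True
    # A relationship is resolved against the target entity: "manager"
    # matches only when the target's manager is the requesting user.
    return any(target.get(rel) == user["id"] for rel in aci.relationships)

def granting_acis(acis, user, target, *, operation=None, attr=None, access=None):
    """Names of ACIs that grant the request; an empty list means denied."""
    hits = []
    for aci in acis:
        if aci.entity_type != target["type"] or not governed(aci, user, target):
            continue
        if operation is not None:
            if operation in aci.operations:
                hits.append(aci.name)
        elif attr is not None:
            allowed = aci.write_attrs if access == "write" else aci.read_attrs
            if attr in allowed:
                hits.append(aci.name)
    return hits

# Constructed sample data (not taken from any real deployment).
ACIS = [
    ACI("helpdesk-person", "Person", operations=frozenset({"search"}),
        read_attrs=frozenset({"cn", "mail", "telephoneNumber"}),
        write_attrs=frozenset({"telephoneNumber"}),
        groups=frozenset({"Help Desk Assistant"})),
    ACI("manager-person", "Person", operations=frozenset({"search", "modify"}),
        read_attrs=frozenset({"cn", "mail", "title"}),
        write_attrs=frozenset({"title"}),
        relationships=frozenset({"manager"})),
]
HELPDESK = {"id": "hd1", "groups": frozenset({"Help Desk Assistant"})}
BOSS = {"id": "m1", "groups": frozenset()}
ALICE = {"type": "Person", "id": "a1", "manager": "m1"}
BOB = {"type": "Person", "id": "b1", "manager": "m2"}
```

Returning the names of the granting ACIs, rather than a bare yes or no, makes it easy to review which item is responsible for a permission when auditing a customized set.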

When you create customized reports, you must also manually create report access control items and entity access control items for the new report. These ACIs permit users who are not administrators, such as auditors, to run the custom report and view data in the custom report.

After you create an access control item or change an existing access control item, run a data synchronization to ensure that other Security Identity Manager processes, such as the reporting engine, use the new or changed access control item.