IBM Security Identity Governance and Intelligence, Version 5.2.4

Synchronization branch

The usual approach with target systems is to establish a master-subordinate mechanism between the target systems and the Access Governance Core (AG Core). User authorizations are not set from the individual target system consoles; instead, the AG Core communicates the user authorizations to the target system consoles.

When you migrate to an RBAC system managed by IBM® Security Identity Governance and Intelligence, it is important to allow a transitional period in which operators continue to set and use the target systems directly.

However, synchronizing changes that are executed directly on the target systems is complicated because authorizations are managed through roles that use the RBAC standard.

In non-RBAC-based target systems, entitlements are directly assigned to users and are not mediated by RBAC standards.

The IBM Security Identity Governance and Intelligence framework contains a synchronization branch with an interface. The interface informs the AG Core about what occurred in the target systems, which avoids misalignment or inconsistencies.

Because of the rules that are implemented for this branch, the Rules Engine (RE) can automatically repair an error condition or send the event that provokes an inconsistency.

After an error occurs, the administrator runs an analysis from a dedicated section of the AG Core module. In this case, rules can be used from the AG Core to set a resolution strategy that assigns the functions to the users.
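The reconciliation flow described above, as an added Python example (not IBM code and not the product's rule syntax): a direct change on a target system is compared with what the RBAC model implies, then treated as consistent, repaired automatically, or held as an error for administrator analysis. The role names, entitlement names, event shape, and the policy of restoring a revoked entitlement that a role still grants are all assumptions.

```python
from dataclasses import dataclass

# Constructed sample model; role and entitlement names are hypothetical.
ROLE_ENTITLEMENTS = {
    "AP_Clerk": {"erp:invoice.read", "erp:invoice.create"},
    "AP_Approver": {"erp:invoice.read", "erp:invoice.approve"},
}
USER_ROLES = {"alice": {"AP_Clerk"}, "bob": {"AP_Approver"}}

@dataclass(frozen=True)
class TargetEvent:
    """A change an operator made directly on a target system."""
    user: str
    action: str  # "grant" or "revoke"
    entitlement: str

def expected_entitlements(user):
    """Entitlements the RBAC model says the user should hold."""
    roles = USER_ROLES.get(user, set())
    return set().union(*(ROLE_ENTITLEMENTS[r] for r in roles))

def reconcile(event):
    """Assumed rule set: classify one event as consistent, repair or error."""
    implied = event.entitlement in expected_entitlements(event.user)
    if event.action == "grant" and implied:
        return ("consistent", [])
    if event.action == "revoke" and not implied:
        return ("consistent", [])
    if event.action == "revoke":
        # The user's roles still grant it, so the core can restore it.
        return ("repair", [])
    # Direct grant with no backing role: hold it for administrator analysis
    # and list the roles that would account for the entitlement.
    candidates = sorted(r for r, e in ROLE_ENTITLEMENTS.items()
                        if event.entitlement in e)
    return ("error", candidates)

def error_queue(events):
    """Events left for the administrator, with candidate roles for each."""
    return [(e, roles) for e in events
            for outcome, roles in [reconcile(e)] if outcome == "error"]

if __name__ == "__main__":
    sample = [  # constructed events
        TargetEvent("alice", "grant", "erp:invoice.read"),
        TargetEvent("alice", "revoke", "erp:invoice.create"),
        TargetEvent("alice", "grant", "erp:invoice.approve"),
    ]
    for ev in sample:
        print(ev, reconcile(ev))
```

The candidate roles returned with an error are the input an administrator would need to choose a resolution strategy, because a directly assigned entitlement can map to more than one role.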

The following diagram illustrates the structure of the synchronization branch:

Figure 1. Synchronization branch