
Status: Draft

The CoreOne Suite offers different ways to create and manage Resources. At the beginning of a CoreOne Suite implementation, you have to decide which type of Resources you would like to use. This article should help you decide between Linked and Managed Resources. The behaviour of these resource types is pretty similar across the different target systems we support. In this article we focus on the target system Active Directory, as it is one of the target systems most used by our customers.

Theory

Resources in the CoreOne Suite are nothing other than Groups in an Active Directory. Because terminology differs across our supported target systems, we decided to use the term “Resources”. Simply put: a Resource is a right you can assign to an Identity in a Target System. In an Active Directory, it is a Group (Resource) to which you add a user (Identity) as a member. This results in a right.

Linked Resources

Linked Resources are the most used type of resources. With linked Resources

Pros & Cons

Managed Resources

Pros & Cons

What they don’t do

  • They won’t be added automatically as Resources in the CoreOne Suite if you create them directly in the target system.

    • Linked Resources: You have to link the newly created Active Directory Group in the CoreOne Suite Admin UI to be able to assign it to a Core-Identity. See: /wiki/spaces/IKB/pages/1796997245

    • Managed Resources: You’ve chosen the wrong way. It is not possible to use this Group. You have to delete it in the target system and recreate it in the CoreOne Suite Admin UI; the CoreOne Suite then creates the Group in the target system automatically. See: /wiki/spaces/IKB/pages/1796997245

Frequently Asked Questions

 Can I use Linked and Managed Resources at the same time?

Technically: Yes, you can.

Logically: It’s not that simple. We recommend focusing on one type. We have observed that new IAM Managers are often confused when there are different ways of handling rights.

For example: The IAM Manager’s goal is to create a new Active Directory Group. In some OU paths where you work with Linked Resources, they have to do that directly in the target system Active Directory. For another OU path where you work with Managed Resources, they have to get the job done through the Admin UI of the CoreOne Suite.

 Does the CoreOne Suite also clean up unknown Objects?

The CoreOne Suite Cleanup Task only controls known Objects. In the context of an Active Directory, that means:

  • Active Directory Group-Memberships of an Active Directory User are not handled if the User wasn’t created by the CoreOne Suite.

  • Active Directory Groups that are neither recognised as a Linked Resource nor created directly through the CoreOne Suite as a Managed Resource are not handled at all.

Example 1:

Group “Application_Read-Write” is a Linked Resource. The Group has two members. The first User, “Diego Testoni”, was created and added to this Group by the CoreOne Suite. The other User, “Thomas Gruti”, was created manually, directly in the Active Directory, and is not recognized by the CoreOne Suite. The CoreOne Suite Cleanup Task will only manage the membership of Diego Testoni. The membership of Thomas Gruti won’t be touched by the CoreOne Suite.

Example 2:

The Active Directory User “Diego Testoni” was created through the CoreOne Suite and has 5 Group-Memberships. The CoreOne Suite only recognises 3 of these Groups. The CoreOne Suite will control these 3 Groups. The other 2 Group-Memberships won’t be touched by the CoreOne Suite.
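
The scope rules above and Examples 1 and 2, as an added Python sketch (not CoreOne Suite code): it classifies Active Directory memberships into those the Cleanup Task handles and those it leaves untouched, which are the memberships that have to be reviewed by other means. The lists of known users and groups are assumed to come from your own export; Group_A to Group_D are hypothetical names.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Membership:
    user: str   # Active Directory User
    group: str  # Active Directory Group


def classify(memberships, known_users, known_groups):
    """Split memberships into (handled, ignored) per the cleanup scope rules.

    handled: list of memberships the Cleanup Task manages.
    ignored: dict mapping each untouched membership to the reasons why.
    """
    handled, ignored = [], {}
    for m in memberships:
        reasons = []
        if m.user not in known_users:
            reasons.append("user was not created by the CoreOne Suite")
        if m.group not in known_groups:
            reasons.append("group is neither a Linked nor a Managed Resource")
        if reasons:
            ignored[m] = reasons
        else:
            handled.append(m)
    return handled, ignored


# Constructed sample data combining Example 1 and Example 2.
# Group_A..Group_D are hypothetical names; the page does not name them.
KNOWN_USERS = {"Diego Testoni"}
KNOWN_GROUPS = {"Application_Read-Write", "Group_A", "Group_B"}
MEMBERSHIPS = [
    Membership("Diego Testoni", "Application_Read-Write"),
    Membership("Thomas Gruti", "Application_Read-Write"),
    Membership("Diego Testoni", "Group_A"),
    Membership("Diego Testoni", "Group_B"),
    Membership("Diego Testoni", "Group_C"),
    Membership("Diego Testoni", "Group_D"),
]

if __name__ == "__main__":
    handled, ignored = classify(MEMBERSHIPS, KNOWN_USERS, KNOWN_GROUPS)
    for m in handled:
        print(f"handled  {m.user} -> {m.group}")
    for m, reasons in ignored.items():
        print(f"ignored  {m.user} -> {m.group}: {'; '.join(reasons)}")
```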

Example 3:
