...

When a RET policy is targeted to one of the above actor types, be that an individual person or a collection of people—such as a Business Role and Location (BRL) combination—any person targeted by the policy receives all of the Resource Entitlements assigned at or above their primary and secondary Business Roles and Locations. When more than one Resource Entitlement of the same type is received, a priority value determines which one the person receives, with lower priority values having higher precedence.

The following image shows the possible targets of a RET policy. When a policy is targeted to a collective actor, such as those depicted below, every person belonging to that actor receives the entitlements specified by the policy. Thus, in the image below, each person belonging to the Help Desk in Customer Services BRL, the Help Desk Technicians group, the Enterprise IT Help Desk Management Role, and the All Users with Help Desk Titles Query-Based Collection would receive an AD user account, an Exchange mailbox and a Home folder.

...

Naming Conventions

For account provisioning via RETs or in workflow processes, EmpowerID ensures logon name uniqueness automatically by adding a 01, 02, etc., to the end of the generated name when a collision is detected. Naming convention workflow shapes in the creation workflows for the major types of objects (Person, Account, Group) can be completely customized in Workflow Studio. RET provisioning of new accounts is not handled by workflow processes but can still be customized.
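The collision handling described above, as an added illustration that is not EmpowerID's own code: the function names, the 99-suffix ceiling and the case-insensitive comparison are assumptions, and the 20-character cap is the AD sAMAccountName limit for user accounts.

```python
# Added illustration; not EmpowerID code. Names and limits are assumptions.
SAM_MAX_LEN = 20  # AD sAMAccountName limit for user objects


def unique_logon_name(base, taken, max_len=SAM_MAX_LEN, max_suffix=99):
    """Return base, or base plus a two-digit suffix (01, 02, ...) that is
    not already in `taken`. Comparison is case-insensitive because AD
    treats logon names that way."""
    if not base:
        raise ValueError("empty base name")
    used = {name.casefold() for name in taken}
    candidate = base[:max_len]
    if candidate.casefold() not in used:
        return candidate
    # Leave room for the suffix so the result never exceeds max_len.
    stem = base[: max_len - 2]
    for n in range(1, max_suffix + 1):
        candidate = f"{stem}{n:02d}"
        if candidate.casefold() not in used:
            return candidate
    # Fail closed rather than reuse or overwrite an existing identity.
    raise RuntimeError(f"no free logon name for {base!r}")


def provision_batch(bases, existing):
    """Assign names to a batch, reserving each one as it is issued so two
    people in the same run cannot receive the same logon name."""
    taken = set(existing)
    assigned = []
    for base in bases:
        name = unique_logon_name(base, taken)
        taken.add(name)
        assigned.append(name)
    return assigned


# Constructed sample data: existing logon names in the account store.
EXISTING = ["jsmith", "JSmith01", "adavis"]

if __name__ == "__main__":
    print(provision_batch(["jsmith", "jsmith", "bwong"], EXISTING))
```

Reserving each issued name inside the batch matters when many accounts are provisioned in one run, since a lookup against the directory alone would not see names assigned moments earlier.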

AD/LDAP Account Creation Location Logic

When provisioning users automatically via RET policies into AD or LDAP directories, EmpowerID must determine into which OU a person's account should be provisioned. The default logic is to follow the RBAC mapping for the Location portion of a Person's Business Role and Location to create the account in the Account Store OU mapped to that EmpowerID Location. In some cases, this default logic is not desired and a custom rule should be implemented. For these cases, EmpowerID allows the creation of a plugin in Workflow Studio to handle this unique RET AD/LDAP Account Creation Location logic.

...