| Div |
|---|
Home / User Provisioning and Identity Lifecycle / Provisioning Policies / Current: Resource Entitlements Overview |
Resource Entitlements (RETs) are one of the most important and useful features of the EmpowerID system. In EmpowerID, Resource Entitlements (RETs) are policies that govern how resources, such as an Active Directory account or an Exchange mailbox, are given to people. These policies are policies that you can write to automate the provisioning, moving, disabling, and de-provisioning of resources for users based on their roles, memberships and locations within your organization. When RETs are in place, EmpowerID evaluates those policies each time an EmpowerID Person is provisioned or newly assigned to any one of the following EmpowerID actor types:
- Business Role and Location
- Management Role
- Group
- Query-Based Collection (Set Group)
...
- On Transform Action - Transforming occurs when a person with a resource provisioned by one RET policy receives an equivalent RET from a different policy. This typically happens when a person changes their Business Role or Location. The Transform Action marks this resource with the new RET policy number and triggers the Transform Action specified by the new RET policy. All Transform Actions are not implemented for all types of RETs. The four options and outcomes are:
- Do Nothing - No changes are made.
- Move - In the case of user accounts, moves the user object to the OU specified by the RET or as determined through the mapping of OUs to Business Roles and Locations.
- Delete and Recreate - In the case of user accounts, deletes and recreates the user.
- Register Event - Raises the event specified.
- On Revoke Action - This occurs when a person who received a resource via an RET no longer receives the RET policy, typically due to a change in Business Role or Location.
- Do Nothing - No changes are made to the resource.
- De-provision - Deletes the resource.
- Disable - Disables the resource.
- Register Event - Raises the event specified.
- Claim Action Workflow Event - This is an optional setting that allows you to enter the name of a predefined EmpowerID event registration. The RET action will "fire" this event which then triggers the initiation of all workflows that subscribe to the event. The only requirement for these event workflows is an input property of the type Resource named "resource" (case sensitive). The RET process will pass in the resource of the Person's RET (Account, Home Folder, Exchange Mailbox, etc.) that triggered the event for further processing by the custom workflow(s). The custom workflows can be used to implement more advanced processes for deprovisioning or other events.
- Transform Action Workflow Event - This is an optional setting that allows you to enter the name of a predefined EmpowerID event registration. The RET action will "fire" this event which then triggers the initiation of all workflows that subscribe to the event. 160;The only requirement for these event workflows is an input property of the type Resource named "resource" (case sensitive). The RET process will pass in the resource of the Person's RET (Account, Home Folder, Exchange Mailbox, etc.) that triggered the event for further processing by the custom workflow(s). The custom workflows can be used to implement more advanced processes for deprovisioning or other events.
- Revoke Action Workflow Event - This is an optional setting that allows you to enter the name of a predefined EmpowerID event registration. The RET action will "fire" this event which then triggers the initiation of all workflows that subscribe to the event. The only requirement for these event workflows is an input property of the type Resource named "resource" (case sensitive). The RET process will pass in the resource of the Person's RET (Account, Home Folder, Exchange Mailbox, etc.) that triggered the event for further processing by the custom workflow(s). The custom workflows can be used to implement more advanced processes for deprovisioning or other events.
...