Creating User Visibility Rules

The User Visibility Rule ItemType is used to create a list of Identity rules that determine the overall User Visibility Policy for the system. Each User Visibility Rule Item is composed of the following properties:

  • Source Identity: a group or user Identity accessing a user’s information.
  • Access Identity: a group or user Identity being accessed.
  • Is Active: an indicator of whether a given Rule is active in the system when the User Identities Derived Relationship Family and User Visibility Policy MAC Policy are in the Active state.

Use the following procedure to create a User Visibility Rule:

  1. Go to Contents --> Administration --> Access Control --> User Visibility Rules to create or search for existing rules. The menu shown in Figure 2 appears.

    Figure 2.

  2. Click Create New User Visibility Rule. A blank User Visibility Rule dialog appears.

    Figure 3.

  3. Click the ellipses in the Source Identity field to select the appropriate identity from the Identity Search dialog.
  4. Click the ellipses in the Access Identity field to select the appropriate identity from the Identity Search dialog.
  5. Enter the appropriate information in the Description field and click to save and unlock the Rule.

Exempt Identities

User Administrators: a group Identity exempt from the User Visibility Rules. User Identities that are members of the User Administrators group have full permissions (Get, Update, Delete, Can Discover) to all User and Identity Items.

User Readers: a group Identity exempt from the User Visibility Rules. User Identities that are members of the User Readers group have Get and Discover permissions to all User and Identity Items.

Note
Aras Innovator Administrators should exercise caution when adding members to the User Administrators and User Readers groups.
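
The rule properties and exempt groups described above can be reviewed offline with a simplified model. This is an added example, not Aras Innovator code or its API. It assumes flat group membership and that a user sees another user only through a matching active rule; the identities, groups and rules are constructed sample data, and only the two exempt group names come from this page.

```python
from dataclasses import dataclass

# Exempt group names are from the page; all other data below is constructed.
EXEMPT_GROUPS = ("User Administrators", "User Readers")

@dataclass(frozen=True)
class Rule:
    source: str             # Source Identity: the identity doing the accessing
    access: str             # Access Identity: the identity being accessed
    is_active: bool = True  # Is Active flag on the rule

def identities_of(user, groups):
    """The user's own identity plus every group listing the user (flat membership assumed)."""
    return {user} | {g for g, members in groups.items() if user in members}

def can_see(viewer, target, rules, groups):
    viewer_ids = identities_of(viewer, groups)
    if viewer_ids & set(EXEMPT_GROUPS):
        return True  # members of exempt groups bypass the rules entirely
    target_ids = identities_of(target, groups)
    return any(r.is_active and r.source in viewer_ids and r.access in target_ids
               for r in rules)

def visibility_report(users, rules, groups):
    """Map each user to the sorted list of other users they can see."""
    return {v: sorted(t for t in users if t != v and can_see(v, t, rules, groups))
            for v in users}

def exempt_members(groups):
    """Members of the exempt groups: the list to review before granting membership."""
    return {g: sorted(groups.get(g, ())) for g in EXEMPT_GROUPS}

# Constructed sample data (hypothetical identities and rules).
USERS = ["alice", "bob", "carol", "dave"]
GROUPS = {"Engineering": {"alice", "bob"}, "Suppliers": {"carol"},
          "User Readers": {"dave"}}
RULES = [Rule("Engineering", "Suppliers"),
         Rule("Suppliers", "Engineering", is_active=False),  # inactive: no effect
         Rule("alice", "bob")]

if __name__ == "__main__":
    for viewer, seen in visibility_report(USERS, RULES, GROUPS).items():
        print(f"{viewer} can see: {seen}")
    print("exempt:", exempt_members(GROUPS))
```

In this sample, the single User Readers member sees every user without any rule naming them, which is why membership in the two exempt groups warrants review.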