15.1 About attribute groups

Configure attribute groups in Central console (nph-psa.exe) to:

Avoid exposing users to hundreds of request attributes on one page.
You can have groups of related attributes display on a number of sub-pages.
Assign read and write privileges to groups of:
- Authorizers
- Requesters
- Recipients
For example, you may want to allow some authorizers to enter confidential, required information such as users' salary or Social Security Numbers, without allowing requesters to see them.

15.1.1 Displaying attributes

New account requests

When a user makes a request for a new account in New account request module (nph-idr.exe) or Account management console (nph-ida.exe), the attributes can be displayed on:

The main New account: General Account Information page
For example, you may want to put attributes for which requesters are required to provide values on the main page.
A subsidiary page
For example, you may want to put optional attributes, or attributes for which authorizers must provide values, on separate pages. Users access the attributes by clicking Edit buttons on the main page.
No pages
You may require some attributes not to be displayed for new account requests at all.

When a requester updates their own or someone elses attributes in New account request module (nph-idr.exe) or Account management console (nph-ida.exe), the attributes are displayed as a list of groups, each with a corresponding Edit button.

15.1.2 Rights and group membership

Users must have rights to at least one attribute group in order to view or edit attributes in the New account request module (nph-idr.exe) or Request tracking module (nph-ids.exe).

Users can belong to more than one user group, and are assigned the highest combination of rights assigned to the groups to which they belong. For example:

User A belongs to recipient group B with read permissions on attribute group C.
User A belongs to recipient group D with write permissions on attribute group C.
User A in effect has both read and write permissions on attribute group C.

The highest combination of rights is also assigned when a user is both recipient and requester, when using the Request tracking module (nph-ids.exe). That is, when a user is tracking a request and:

Has requested an change for somebody else, their rights as a requester are in effect.
Is the recipient of a change requested by somebody else, their rights as a recipient are in effect.
Has requested a change for themselves, their combined rights as requester and recipient are in effect.

Similar rules apply for users who are both requester and authorizer.

Next: 15.2 Configuring attribute groups Up: 15. Access Controls Previous: 15. Access Controls Contents Index

ID-Synch™ is an access management solution developed by M-Tech.
The full current version of this guide, shipped with the ID-Synch software, contains detailed reference information not included in this version.

| Glossary | Feedback/Help | ©2003 M-Tech Information Technology, Inc. | Privacy policy

	ID-Synch™ is an access management solution developed by M-Tech. The full current version of this guide, shipped with the ID-Synch software, contains detailed reference information not included in this version.
	\| Glossary \| Feedback/Help \| ©2003 M-Tech Information Technology, Inc. \| Privacy policy

15.1 About attribute groups

15.1.1 Displaying attributes

New account requests

Account and attribute updates

15.1.2 Rights and group membership