IBM Security Role and Policy Modeler Version 1 Release 1 Glossary SC27-2800-00
March 2012

This edition applies to version 1.1 of IBM Security Role and Policy Modeler and to all subsequent releases and modifications until otherwise indicated in new editions.

Copyright IBM Corporation 2011, 2012. US Government Users Restricted Rights: Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Contents

Tables
About this information
  Intended audience
  Access to publications and terminology
    IBM Security Role and Policy Modeler library
    Online publications
    IBM terminology website
    Accessing publications online
    Ordering publications
  Accessibility features for IBM Security Role and Policy Modeler
  Technical training
  User communities
  Support information
  Conventions used in this information
    Typeface conventions
    Definitions for HOME and other directory variables
Glossary
Notices

Tables

1. Home directory variable definitions
About this information

This information contains the glossary terms for IBM Security Role and Policy Modeler.

Intended audience

This information is designed for the system and security administrators in an organization that uses IBM Security Role and Policy Modeler. Readers are expected to understand system and security administration concepts. Additionally, the readers must understand administration concepts for the following types of products:
- Database server
- Application server
- Web server

Access to publications and terminology

This section provides:
- IBM Security Role and Policy Modeler library
- Online publications
- IBM terminology website

IBM Security Role and Policy Modeler library

The following documents are available in the IBM Security Role and Policy Modeler library:
- IBM Security Role and Policy Modeler Quick Start Guide, GI11-9350
- IBM Security Role and Policy Modeler Product Overview Guide, GC27-2795
- IBM Security Role and Policy Modeler Planning Guide, SC22-5407
- IBM Security Role and Policy Modeler Installation and Configuration Guide, SC27-2743
- IBM Security Role and Policy Modeler Administration Guide, SC27-2796
- IBM Security Role and Policy Modeler Troubleshooting Guide, GC27-2797
- IBM Security Role and Policy Modeler Message Guide, GC27-2744
- IBM Security Role and Policy Modeler Reference Guide, SC27-2798
- IBM Security Role and Policy Modeler Glossary, SC27-2800

Online publications

IBM posts product publications when the product is released and when the publications are updated at the following locations:

IBM Security Role and Policy Modeler Information Center
  The http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.security.modeling.doc/ic-homepage.htm site displays the information center welcome page for this product.

IBM Security Information Center
  The http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp site displays an alphabetical list of and general information about all IBM Security product documentation.

IBM Publications Center
  The http://www.ibm.com/e-business/linkweb/publications/servlet/pbi.wss site offers customized search functions to help you find all the IBM publications you need.

IBM terminology website

The IBM Terminology website consolidates terminology from product libraries in one location. You can access the Terminology website at http://www.ibm.com/software/globalization/terminology.

Accessing publications online

The publications for this product are available online in Portable Document Format (PDF) or Hypertext Markup Language (HTML) format, or both in IBM Tivoli Documentation Central.

IBM posts publications for this product and all other IBM Security products to the Tivoli Documentation Central website at http://www.ibm.com/tivoli/documentation. The publications are posted as they become available and whenever they are updated.

To locate product publications in the library, click the first letter of the product name or scroll until you find the product name. Then, click the product name. Product publications can include release notes, installation guides, user guides, administration guides, and developer references.

Note: To ensure correct printing of PDF publications, select the Fit to page check box in the Adobe Acrobat Print window. The window is available when you click File > Print.

Ordering publications

You can order hard copies of some publications. Many countries provide an online ordering service. To access the online ordering service, complete these steps:
1. Go to the IBM Publications Center at http://www.ibm.com/e-business/linkweb/publications/servlet/pbi.wss.
2. From the Select a country/region/language to begin list, select your country and click the arrow icon.
3. Follow the instructions for how to order hard copy publications.

If your country does not provide an online ordering service, contact your software account representative to order publications. To find your local contact, complete these steps:
1. Go to the Directory of worldwide contact at http://www.ibm.com/planetwide.
2. Click your country name to view the list of contacts.
Accessibility features for IBM Security Role and Policy Modeler

Accessibility features help users who have a disability, such as restricted mobility, use information technology products successfully.

Accessibility features

The following list includes the major accessibility features in IBM Security Role and Policy Modeler:
- Keyboard-only operation
- Interfaces that are commonly used by screen readers
- Keys that are discernible by touch but not activated by touch
- Industry-standard devices for ports and connectors
- The attachment of alternative input and output devices

The IBM Security Role and Policy Modeler information center and its related publications are accessibility-enabled.

Keyboard navigation

This product allows operation with a keyboard.

Interface information

Hierarchical view is not keyboard accessible
  The hierarchical view of the role and policy model is not keyboard accessible. However, the table view of the role and policy model is keyboard accessible. Customers who require a keyboard-accessible role and policy model can use the table view on the Roles and Policies window.

Analysis graphs are not keyboard accessible
  There is an alternative representation of the same data in the form of in and out tables in the analysis windows.

Supported browsers for accessibility
  - Mozilla FireFox 3.6.22.
  - Microsoft Internet Explorer 8. For information about known accessibility issues for this browser, see the "Known limitations, problems, and workarounds" topic in the IBM Security Role and Policy Modeler information center.

Reports are accessible
  Reports are accessible in HTML and PDF format. For more information, see the "Assistive technologies for reports" topic in the IBM Security Role and Policy Modeler information center.

Opening online help within IBM Security Role and Policy Modeler
  For Microsoft Internet Explorer, press Alt+6+Enter. For Mozilla FireFox, press Shift+Alt+6.

IBM and accessibility

See the IBM Human Ability and Accessibility Center for more information about the commitment that IBM has to accessibility.
Technical training

For technical training information, see the following IBM Education website at http://www.ibm.com/software/tivoli/education.

User communities

User communities are member-run membership organizations that provide information to assist you in the implementation of IBM Security software solutions. Through these communities, members can share information and learn from the knowledge and experience of other users. User communities related to this product include:
- IBM Security Community http://www.ibm.com/community/security
- Tivoli User Community http://tivoli-ug.org/

Support information

IBM Support provides assistance with code-related problems and routine, short duration installation or usage questions. You can directly access the IBM Software Support site at http://www.ibm.com/software/support/probsub.html.

IBM Security Role and Policy Modeler Troubleshooting Guide provides details about:
- What information to collect before contacting IBM Support.
- The various methods for contacting IBM Support.
- Instructions and problem-determination resources to isolate and fix the problem yourself.

Note: The Community and Support tab on the product information center can provide additional support resources.

Conventions used in this information

This information uses several conventions for special terms and actions and for operating system-dependent commands and paths.

Typeface conventions

This information uses the following typeface conventions.
Bold
- Lowercase commands and mixed case commands that are otherwise difficult to distinguish from surrounding text
- Interface controls (check boxes, push buttons, radio buttons, spin buttons, fields, folders, icons, list boxes, items inside list boxes, multicolumn lists, containers, menu choices, menu names, tabs, property sheets), labels (such as Tip:, and Operating system considerations:)
- Keywords and parameters in text

Italic
- Citations (examples: titles of publications, diskettes, and CDs)
- Words defined in text (example: a nonswitched line is called a point-to-point line)
- Emphasis of words and letters (words as words example: "Use the word that to introduce a restrictive clause."; letters as letters example: "The LUN address must start with the letter L.")
- New terms in text (except in a definition list): a view is a frame in a workspace that contains data.
- Variables and values you must provide: ... where myname represents...

Monospace
- Examples and code examples
- File names, programming keywords, and other elements that are difficult to distinguish from surrounding text
- Message text and prompts addressed to the user
- Text that the user must type
- Values for arguments or command options

Bold monospace
- Command names, and names of macros and utilities that you can type as commands
- Environment variable names in text
- Keywords
- Parameter names in text: API structure parameters, command parameters and arguments, and configuration parameters
- Process names
- Registry variable names in text
- Script names

Definitions for HOME and other directory variables

The table contains default definitions that are used in IBM Security Role and Policy Modeler information center and guides. These definitions represent the HOME directory level for different product installation paths.

You can customize the HOME directory for your specific requirement. The default directory installation locations in the following table are provided for either administrator or root users.

For non-administrator or nonroot users, replace the following paths with user_home:
- Windows operating system: drive:\program Files
- Linux: /opt
- UNIX or AIX: /usr

Table 1. Home directory variable definitions

Path variable: SM_HOME
  Default definitions:
    Windows operating system: C:\Program Files\IBM\SecurityModeler
    Linux, UNIX or AIX: /opt/ibm/securitymodeler
  Description: The base directory that contains IBM Security Role and Policy Modeler and documentation.

Path variable: DB_HOME
  Default definitions:
    Windows operating system: C:\Program Files\IBM\SQLLIB
    Linux: /opt/ibm/db2/v9.7
    UNIX or AIX: /opt/ibm/db2/v9.7
  Description: The default DB2 home directory.

Path variable: WAS_HOME
  Default definitions:
    Windows operating system: C:\Program Files\IBM\WebSphere\AppServer
    Linux: /opt/ibm/websphere/AppServer
    UNIX or AIX: /usr/ibm/websphere/AppServer
  Description: The default WebSphere Application Server home directory.

Path variable: TIP_PROFILE_HOME
  Default definitions:
    Windows operating system: WAS_HOME\profiles\TIPProfile
    Linux, UNIX, or AIX: WAS_HOME/profiles/TIPProfile
  Description: The default Tivoli Integrated Portal home directory.

Path variable: TCR_COMPONENT_HOME
  Default definitions:
    Windows operating system: C:\Program Files\IBM\WebSphere\AppServerComponents\TCRComponent
    Linux: /opt/ibm/websphere/AppServerComponents/TCRComponent
    UNIX or AIX: /usr/ibm/websphere/AppServerComponents/TCRComponent
  Description: The Tivoli Common Reporting home directory.
Glossary

This glossary includes terms and definitions related to IBM Security Role and Policy Modeler.

ancestor role. A parent role, or recursively, a parent of the parent role. See parent role.

application role. A permission-oriented role, often called an IT role, that typically has permissions, but does not have directly assigned users. For example, an application role Payroll Approver might contain three commonly used permissions that are required to approve paychecks.

business role. A user-oriented role, often called an organizational role, that typically has users, but does not have directly assigned permissions. For example, a business role Manager might contain all managers within an organization.

child role. A role that has one or more parent roles. The child role inherits permissions from all of its parent roles in a hierarchical relationship. See descendant role.

committing. The process of synchronizing imported data from the staging database into the identity and entitlement database.

descendant role. A child role, or recursively, a child of the child role. See child role.

identity and entitlement database. Contains the committed data that is used when you work with role models. The data includes roles, permissions, users, separation of duty constraints, their relationships, and projects. See staging database and project.

membership qualifier. A user-attribute filter that describes or determines the membership of a role.

parent role. A role that has one or more child roles. The parent role grants a set of permissions to its child roles in a hierarchical relationship. See ancestor role.

permission. An abstract representation of an action on a resource. The permission can contain as little or as much detail as required to meet the modeling goals. For example, the IT implementation of a modeled permission can represent a high-level permission, such as an account on a system or a membership in a group. Or, the permission can represent a fine-grained transaction on a database column, row, or both.

project. A container for modeled roles and separation of duty constraints. You can scope and target the users and permissions that you want to consider when you model roles. You can also copy existing roles and separation of duty constraints into a project.

project scope. Defines the users and permissions to be analyzed during the role modeling process.

role. A concept that aggregates users and permissions, with a relevant meaning to the business, to simplify the management of user access to resources. Through an assignment to one or more roles, a user acquires the permissions to perform operations on resources, where those permissions are also assigned to the roles. Using roles, management of a user's access to resources is simplified to the assignment of the user to roles.

role generation. A process to automatically derive a role model by analyzing user-to-permission assignments.

role hierarchy. A role structure that allows the inheritance of permissions and users. The descendant or child role inherits the permissions of its ancestor or parent roles. The ancestor or parent role aggregates the user membership of its descendant or child roles.

role mining. See role generation.

role modeling. The process of defining roles and their relationships.

role type. The classification of a role based on its use in the organization. See application role and business role.

separation of duty constraint. A constraint that defines a mutually exclusive relationship between two or more roles. For example, a separation of duty constraint might state that no user can be a member of both the Purchaser and Accountant roles.

staging database. Contains imported data that is initially loaded into this database for validation and error correction. Data in the staging database does not affect role modeling until it is committed. See identity and entitlement database and project.
Notices

This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features contained in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM might have patents or pending patent applications that cover subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:

Intellectual Property Licensing
Legal and Intellectual Property Law
IBM Japan Ltd.
1623-14, Shimotsuruma, Yamato-shi
Kanagawa 242-8502 Japan

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law:

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement might not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it to enable: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:

IBM Corporation
J46A/G4
555 Bailey Avenue
San Jose, CA 95141-1003
U.S.A.

Such information might be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.

The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us.

Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments might vary significantly. Some measurements might have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements might have been estimated through extrapolation. Actual results might vary. Users of this document should verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements, or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility, or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

All statements regarding the future direction or intent of IBM are subject to change or withdrawal without notice, and represent goals and objectives only.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.

COPYRIGHT LICENSE:

This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing, or distributing application programs that conform to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. The sample programs are provided "AS IS", without warranty of any kind. IBM shall not be liable for any damages arising out of your use of the sample programs.

Each copy or any portion of these sample programs or any derivative work, must include a copyright notice as follows:

(your company name) (year). Portions of this code are derived from IBM Corp. Sample Programs. Copyright IBM Corp. 2004, 2012. All rights reserved.

If you are viewing this information softcopy, the photographs and color illustrations might not appear.

Trademarks

The following terms are trademarks of the International Business Machines Corporation in the United States, other countries, or both: http://www.ibm.com/legal/copytrade.shtml

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.

Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries.

UNIX is a registered trademark of The Open Group in the United States and other countries.

The Oracle Outside In Technology included herein is subject to a restricted use license and can only be used in conjunction with this application.
Printed in USA SC27-2800-00