Role classes for the IT Shop
Role classes form the basis for mapping IT Shop structures in One Identity Manager. The following role classes are available by default in One Identity Manager:
Use role classes to specify which company resources can be requested through the IT Shop. At the same time, you decide which company resources may be assigned as products to shelves and IT Shop templates.
The following options define which company resources may be assigned to IT Shop structures and IT Shop templates:
-
Assignments allowed
This option specifies whether the assignment of the relevant company resources is permitted in general.
-
Direct assignments allowed
This option specifies whether the relevant company resources can be directly assigned.
NOTE: Company resources are always assigned directly to shelves and IT Shop templates. Therefore, always enable and disable both options.
To configure assignment to IT Shop structures and IT Shop templates
-
In the Manager, select the IT Shop > Basic configuration data > Role classes category.
-
In the result list, select the role class.
-
Select the Configure role assignments task.
-
In the Role assignments column, select a company resource.
Enable the Assignments permitted option, to specify whether an assignment is generally allowed.
Enable the Direct assignment permitted options, to specify whether a direct assignment is allowed.
Disable the options if the assignment is not allowed.
INFORMATION: You can only disable the options if there are no assignments of the respective objects to IT Shop structures or IT Shop templates.
- Save the changes.
Role types for the IT Shop
Create role types in order to classify roles. You can use role types to limit the approval policies in effect for shelves. To do this, assign role types to shelves and approval policies.
You can also assign role types to shops if you want to apply further criteria to distinguish between shops. Role types for shops do not, however, influence how the approval policies in effect are determined.
To edit a role type
-
In the Manager, select the IT Shop | Basic configuration data | Role types.
-
In the result list, select the role type and run the Change main data task.
- OR -
Click in the result list.
-
Enter a name and detailed description for the role type.
- Save the changes.
Related topics
Business partners
In One Identity Manager, you can enter the data for external businesses that could be act as manufacturers, suppliers, or partners. You assign a manufacturer to a service item.
To edit business partners
-
In the Manager, set the IT Shop | Basic configuration data | Business partners.
-
In the result list, select a business partner and run the Change main data task.
- OR -
Click in the result list.
-
Edit the business partner's main data.
- Save the changes.
Enter the following data for a company.
Table 64: General main data of a company
Company |
Short description of the company for the views in One Identity Manager tools. |
Name |
Full company name. |
Surname prefix |
Additional company name. |
Short name |
Company's short name. |
Contact |
Contact person for the company. |
Partner |
Specifies whether this is a partner company. |
Customer number |
Customer number at the partner company. |
Supplier |
Specifies whether this is a supplier. |
Customer number |
Customers number at supplier. |
Leasing partner |
Specifies whether this is a leasing provider or rental firm. |
Manufacturer |
Specifies whether this is a manufacturer. |
Remarks |
Text field for additional explanation. |
Table 65: Company address
Street |
Street or road. |
Building |
Building |
Zip code |
Zip code. |
City |
City. |
State |
State. |
Country |
Country. |
Phone |
Company's telephone number. |
Fax |
Company's fax number. |
Email address |
Company's email address. |
Website |
Company's website. Click the button to display the web page in the default web browser. |
Functional areas
To analyze rule checks for different areas of your company in the context of identity audit, you can set up functional areas. Functional areas can be assigned to hierarchical roles and service items. You can enter criteria that provide information about risks from rule violations for functional areas and hierarchical roles. To do this, you specify how many rule violations are permitted in a functional area or a role. You can enter separate assessment criteria for each role, such as a risk index or transparency index.
Moreover, functional areas can be replaced by peer group analysis during request approvals or attestation cases.
Example: Use of functional areas
To assess the risk of rule violations for service items. Proceed as follows:
-
Set up functional areas.
-
Assign service items to the functional areas.
-
Specify the number of rule violations allowed for the functional area.
-
Assign compliance rules required for the analysis to the functional area.
-
Use the One Identity Manager report function to create a report that prepares the result of rule checking for the functional area by any criteria.
To create or edit a functional area
-
In the Manager, select the IT Shop > Basic configuration data > Functional areas category.
-
In the result list, select a function area and run the Change main data task.
- OR -
Click in the result list.
-
Edit the function area main data.
- Save the changes.
Enter the following data for a functional area.
Table 66: Functional area properties
Functional area |
Description of the functional area |
Parent Functional area |
Parent functional area in a hierarchy.
Select a parent functional area from the list for organizing your functional areas hierarchically. |
Max. number of rule violations |
List of rule violation valid for this functional area. This value can be evaluated during the rule check.
NOTE: This property is available if the Compliance Rules Module is installed. |
Description |
Text field for additional explanation. |
Related topics