
Identity Manager 9.0 LTS - Authorization and Authentication Guide


Displaying permissions for objects

You can display object properties and permissions in One Identity Manager tools.

NOTE: The Manager must be running in expert mode to show object properties.

To view an object's permissions

  1. Select the object and open the Properties context menu.

  2. Select the Permissions tab.

    On the Permissions tab, based on the permissions groups, you see what permissions apply to an object. The first entry shows the basic permissions for the table. The permissions for this particular object are displayed beneath that. The other entries show the column permissions.

    TIP: Double-click the table entry, the object entry, or a column entry to display the permissions group from which the permissions were determined.

    Table 26: Icons used for permissions (the icons themselves are not reproduced here; only their meanings)

    - Permissions exist.
    - Permissions have been removed by the object layer.
    - Permissions are limited by conditions.

Displaying permissions for the current user

To get more information about the current user

  • To display user information, double-click the icon in the program status bar.

Table 27: Extra information about the current user
Property Meaning

System users

Name of the system user.

Authenticated by

Name of the authentication module used for logging in.

Employee UID (UserUID)

Unique ID for the current user’s employee if an employee related authentication module is used to log in.

SQL access level

Access level of the database server used to log in.

Read-only

The system user has read permissions only. Modifications to data are not possible.

Dynamic user

The current user uses a dynamic system user. Dynamic system users are applied when a role-based authentication module is used.

Administrative user

The current user uses an administrative system user.

Remarks

More details about the system user in use.

Permissions group

Permissions groups that are assigned to the system user. The permissions groups determine the user's user interface and object permissions.

Program functions

Program functions assigned to the system user. The menu items and functions available depend on the program functions.

Assigning role-based permissions groups to an application

If you assign a permissions group to an application, the permissions of the group apply only within that application. When a user logs on to the application, they receive the permissions of that permissions group in addition to the permissions they already hold.

To assign a role-based permissions group to an application

  1. In the Designer, select the Permissions > Permissions groups > Role based permissions groups category.

  2. Select View > Select table relations and enable the DialogGroupInProductLimited table.

  3. In the List Editor, select the permissions group.

  4. Assign the application in the Applications edit view.

  5. Select Database > Save to database and click Save.

For more information about applications in One Identity Manager, see the One Identity Manager Configuration Guide.
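The Designer steps above write a row into DialogGroupInProductLimited. The following query is an added example, not part of the One Identity Manager documentation, for verifying the result directly on the database. It assumes the usual schema column names (DialogGroup.Ident_DialogGroup, DialogProduct.Ident_DialogProduct, and the two UID foreign keys on DialogGroupInProductLimited); check them against the schema in the Designer before relying on it.

```sql
-- Added example (not from the One Identity Manager documentation).
-- Assumed tables/columns, verify in the Designer:
--   DialogGroup(UID_DialogGroup, Ident_DialogGroup)
--   DialogProduct(UID_DialogProduct, Ident_DialogProduct)
--   DialogGroupInProductLimited(UID_DialogGroup, UID_DialogProduct)

-- 1. Which role-based permissions groups are limited to which application?
SELECT g.Ident_DialogGroup   AS PermissionsGroup,
       p.Ident_DialogProduct AS LimitedToApplication
FROM   DialogGroupInProductLimited gp
       JOIN DialogGroup   g ON g.UID_DialogGroup   = gp.UID_DialogGroup
       JOIN DialogProduct p ON p.UID_DialogProduct = gp.UID_DialogProduct
ORDER  BY g.Ident_DialogGroup, p.Ident_DialogProduct;

-- 2. Review check: permissions groups with NO application limitation.
--    Their permissions apply in every application the user can log on to,
--    so this is the list to review when tightening access.
SELECT g.Ident_DialogGroup AS UnrestrictedPermissionsGroup
FROM   DialogGroup g
WHERE  NOT EXISTS (SELECT 1
                   FROM   DialogGroupInProductLimited gp
                   WHERE  gp.UID_DialogGroup = g.UID_DialogGroup)
ORDER  BY g.Ident_DialogGroup;
```

Run the first query after saving in the Designer: the group you assigned should appear once per application you selected. The second query is the complementary view a reviewer wants, since a group that is missing from DialogGroupInProductLimited is not restricted at all.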

Managing permissions to program functions

Program functions are part of the permissions model in One Identity Manager. They allow you to enable and disable functionality. Program functions are not assigned to individual users but to permissions groups. The set of program functions available to a user is therefore determined by the user's permissions groups and the program functions contained in them.

One Identity Manager tools can only be started if the user has the relevant program function. Furthermore, some functions within the One Identity Manager tools are available only if the corresponding program functions are assigned to the current user. Examples include exporting data from the Manager, opening the SQL Editor in the Designer, and showing DBQueue Processor information in any program.
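Because program functions reach a user only through permissions groups, the effective set for a static system user can be resolved by joining the user to its groups and the groups to their program functions. The query below is an added example, not part of the One Identity Manager documentation. It assumes the schema tables DialogUser, DialogUserInGroup, DialogGroup, DialogGroupHasFeature and DialogFeature with the column names shown in the comments; verify them in the Designer. The parameter values @UserName and @FeatureIdent are placeholders to be filled in, not identifiers from the page.

```sql
-- Added example (not from the One Identity Manager documentation).
-- Assumed tables/columns, verify in the Designer:
--   DialogUser(UID_DialogUser, UserName)
--   DialogUserInGroup(UID_DialogUser, UID_DialogGroup)
--   DialogGroup(UID_DialogGroup, Ident_DialogGroup)
--   DialogGroupHasFeature(UID_DialogGroup, UID_DialogFeature)
--   DialogFeature(UID_DialogFeature, Ident_DialogFeature)
DECLARE @UserName     NVARCHAR(128) = N'<system user name>';   -- placeholder
DECLARE @FeatureIdent NVARCHAR(128) = N'<program function>';   -- placeholder

-- 1. Effective program functions of a static system user, with the
--    permissions group each one comes from. A function listed twice is
--    granted by more than one group; removing one group does not revoke it.
SELECT u.UserName,
       g.Ident_DialogGroup   AS GrantedByGroup,
       f.Ident_DialogFeature AS ProgramFunction
FROM   DialogUser u
       JOIN DialogUserInGroup    ug ON ug.UID_DialogUser    = u.UID_DialogUser
       JOIN DialogGroup          g  ON g.UID_DialogGroup    = ug.UID_DialogGroup
       JOIN DialogGroupHasFeature gf ON gf.UID_DialogGroup  = g.UID_DialogGroup
       JOIN DialogFeature        f  ON f.UID_DialogFeature  = gf.UID_DialogFeature
WHERE  u.UserName = @UserName
ORDER  BY f.Ident_DialogFeature, g.Ident_DialogGroup;

-- 2. Reverse lookup: every static system user that holds a given program
--    function (for example one required to start a tool), and through
--    which group. Use this when deciding whether a group can be trimmed.
SELECT f.Ident_DialogFeature AS ProgramFunction,
       g.Ident_DialogGroup   AS PermissionsGroup,
       u.UserName            AS SystemUser
FROM   DialogFeature f
       JOIN DialogGroupHasFeature gf ON gf.UID_DialogFeature = f.UID_DialogFeature
       JOIN DialogGroup          g  ON g.UID_DialogGroup    = gf.UID_DialogGroup
       JOIN DialogUserInGroup    ug ON ug.UID_DialogGroup   = g.UID_DialogGroup
       JOIN DialogUser           u  ON u.UID_DialogUser     = ug.UID_DialogUser
WHERE  f.Ident_DialogFeature = @FeatureIdent
ORDER  BY g.Ident_DialogGroup, u.UserName;
```

These queries cover static system users only. A dynamic system user, as created by a role-based authentication module, receives its permissions groups from the application roles of the logged-in employee rather than from DialogUserInGroup, so its effective program functions must be resolved through those application roles (or read from the status bar user information described above) instead.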
