Assigning employees to business roles
NOTE: This function is only available if the Business Roles Module is installed.
Assign employees to business roles so that employees obtain their company resources through these business roles. To assign company resources to business roles use the corresponding business role tasks. For more information about working with business roles, see the One Identity Manager Business Roles Administration Guide.
To assign an employee to business roles (secondary assignment; default method)
-
In the Manager, select the Employees > Employees category.
-
Select the employee in the result list.
-
Select the Assign business roles task.
-
In the Add assignments pane, select the role class and assign business roles.
TIP: In the Remove assignments pane, you can remove assigned business roles.
To remove an assignment
- Save the changes.
To assign an employee to business roles (primary assignment)
-
In the Manager, select the Employees > Employees category.
-
Select the employee in the result list.
-
Select the Change main data task.
-
On the Organizational tab, enter the primary business role.
-
Save the changes.
Related topics
Adding employees to IT Shop custom nodes
When employees are added to a custom node they are entitled to make IT Shop requests. Access permissions to the IT Shop and the assignments allocated to them through product requests in the IT Shop are displayed on the employee’s overview. For more information, see the One Identity Manager IT Shop Administration Guide.
To add an employee to the IT Shop
-
In the Manager, select the Employees > Employees category.
-
Select the employee in the result list.
-
Select the Assign IT Shop memberships task.
-
In the Add assignments pane, assign custom nodes.
- OR -
In the Remove assignments pane, remove the custom nodes.
- Save the changes.
Assigning application roles to employees
For more information about implementing and editing application roles, see the One Identity Manager Authorization and Authentication Guide.
Assigned employees obtain all the permissions of the permission group to which the application role (or a parent application role) is assigned. In addition, employees obtain the company resources assigned to the application role.
If there are no employees directly assigned to an application role, the employees of the parent application role inherit the permissions.
NOTE: The application roles for Base roles | Everyone (Change), Base roles | Everyone (Lookup), Base roles | Employee Managers, and Base roles | Birthright Assignments are automatically assigned to employees. Do not make any manually assignments to these application roles.
To assign application to an employee
-
In the Manager, select the Employees > Employees category.
-
Select the employee in the result list.
-
Select the Assign One Identity Manager application roles task.
-
In the Add assignments pane, assign the application roles.
TIP: In the Remove assignments pane, you can remove application role assignments.
To remove an assignment
- Save the changes.
Assigning resources directly to employees
Resources can be assigned directly or indirectly to employees. Indirect assignment is carried out by allocating employees and resources in company structures, like departments, cost centers, locations, or business roles.
To react quickly to special requests, you can assign resources directly to an employee.
To assign resources directly to an employee
-
In the Manager, select the Employees > Employees category.
-
Select the employee to whom the resources will be assigned, from the result list.
-
Select the Assign resources task.
-
In the Add assignments pane, assign resources.
TIP: In Remove assignments, you can remove assigned resources.
To remove an assignment
- Select the resource and double-click .
- Save the changes.
Related topics