Deleting Azure Active Directory groups
To delete a group
- Select the Azure Active Directory | Groups category.
- Select the group in the result list.
- Delete the group using .
- Confirm the security prompt with Yes.
The group is deleted completely from the One Identity Manager database and from Azure Active Directory.
Azure Active Directory administrator roles
By using administrator roles, you can assign administrative permissions to users. Azure Active Directory recognizes several administrator roles, which fulfill different functions. For more detailed information about administrator roles, see the Azure Active Directory documentation from Microsoft.
Administrator roles are loaded into One Identity Manager by synchronization. You can edit individual master data of administrator roles but cannot create new administrator roles in One Identity Manager.
To add users to administrator roles, assign the administrator roles directly to the user. This may be administrator role assignments to departments, cost centers, locations, business roles, or the IT Shop.
Editing master data of Azure Active Directory administrator roles
To edit the master data of an administrator role
- Select the Azure Active Directory | Administrator roles category.
- Select the administrator role in the result list and run the Change master data task.
- Edit the administrator role's master data.
- Save the changes.
Table 37: Administrator role master data
| Property | Description |
| --- | --- |
| Display name | The display name is used to display the administrator role in the One Identity Manager tools' user interface. |
| Tenant | The administrator role's tenant. |
| Template ID | ID of the administrator role template on which this administrator role was based. |
| IT Shop | Specifies whether the administrator role can be requested through the IT Shop. The administrator role can be ordered by employees over the Web Portal and distributed using a defined approval process. The administrator role can still be assigned directly to user accounts and hierarchical roles. |
| Only for use in IT Shop | Specifies whether the administrator role can only be requested through the IT Shop. The administrator role can be ordered by employees over the Web Portal and distributed using a defined approval process. You cannot assign an administrator role directly to a hierarchical role. |
| Service item | Specifies a service item for requesting the administrator role through the IT Shop. |
| Risk index | Value for assessing the risk of assigning administrator roles to user accounts. Enter a value between 0 and 1. This input field is only visible if the QER \| CalculateRiskIndex configuration parameter is set. For more detailed information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide. |
| Category | Categories for inheriting administrator roles. Administrator roles can be selectively inherited by user accounts. To do this, administrator roles and user accounts are divided into categories. Use the menu to allocate one or more categories to the administrator role. |
| Description | Text field for additional explanation. |
Assigning Azure Active Directory administrator roles to Azure Active Directory user accounts
Administrator roles can be assigned directly or indirectly to user accounts. In the case of indirect assignment, employees and administrator roles are assigned to hierarchical roles, such as departments, cost centers, locations, or business roles. The administrator roles assigned to an employee are calculated from the position in the hierarchy and the direction of inheritance.
If you add an employee to roles and that employee owns a user account, the user account is added to the administrator roles. Prerequisites for the indirect assignment of employees to user accounts:
- Assignment of employees and administrator roles is permitted for role classes (departments, cost centers, locations, or business roles).
- User accounts are marked with the Groups can be inherited option.
Furthermore, administrator roles can be assigned to employees through IT Shop requests. Add employees to a shop as customers so that administrator roles can be assigned through IT Shop requests. All administrator roles assigned as products to this shop can be requested by the customers. Requested administrator roles are assigned to the employees after approval is granted.
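The assignment paths described in this section, as a simplified Python model for reviewing which user accounts end up holding which administrator roles and why. This is an added example, not One Identity Manager code: the data layout and all names are hypothetical, hierarchy position and direction of inheritance are not modeled, and it assumes IT Shop assignments reach the account under the same Groups can be inherited option.

```python
from dataclasses import dataclass, field

@dataclass
class AdminRole:
    name: str
    only_it_shop: bool = False   # "Only for use in IT Shop"
    risk_index: float = 0.0      # "Risk index", a value between 0 and 1
    def __post_init__(self):
        if not 0 <= self.risk_index <= 1:
            raise ValueError(f"{self.name}: risk index must be between 0 and 1")

@dataclass
class Account:
    name: str
    employee: str
    groups_can_be_inherited: bool = True   # "Groups can be inherited" option
    direct_roles: set = field(default_factory=set)

def effective_roles(acct, roles, org_roles, memberships, approved, permitted_classes):
    """Map each administrator role the account receives to the paths that grant it."""
    paths = {r: ["direct"] for r in sorted(acct.direct_roles)}
    if not acct.groups_can_be_inherited:           # account prerequisite not met
        return paths
    for org in sorted(memberships.get(acct.employee, ())):
        role_class, assigned = org_roles[org]
        if role_class not in permitted_classes:    # role class prerequisite not met
            continue
        for r in sorted(assigned):
            if not roles[r].only_it_shop:          # never granted via a hierarchical role
                paths.setdefault(r, []).append(f"indirect:{org}")
    for r in sorted(approved.get(acct.employee, ())):  # assumption: same option gates this
        paths.setdefault(r, []).append("it-shop")
    return paths

def review(acct, threshold, **model):
    """Effective roles whose risk index is at or above the threshold."""
    return {r: p for r, p in effective_roles(acct, **model).items()
            if model["roles"][r].risk_index >= threshold}

# Constructed sample data; every name and value below is hypothetical.
ROLES = [AdminRole("Global Administrator", True, 0.9),
         AdminRole("Helpdesk Administrator", False, 0.4),
         AdminRole("User Administrator", False, 0.6)]
MODEL = dict(
    roles={r.name: r for r in ROLES},
    org_roles={"IT Operations": ("department", {"Global Administrator", "Helpdesk Administrator"}),
               "Berlin": ("location", {"User Administrator"})},
    memberships={"alice": {"IT Operations", "Berlin"}, "bob": {"IT Operations"}},
    approved={"alice": {"Global Administrator"}},
    permitted_classes={"department"})
ALICE = Account("alice@example.com", "alice", direct_roles={"User Administrator"})
BOB = Account("bob@example.com", "bob", groups_can_be_inherited=False)
```

Calling `review(ALICE, 0.6, **MODEL)` lists only the higher-risk roles together with the path that granted each one, which is the view an access reviewer needs when checking privileged role assignments.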