Chat now with support
Chat mit Support

Identity Manager 8.1 - Business Roles Administration Guide

Managing Business Roles Role Mining in One Identity Manager

Customizing Program Settings

To change the program settings

  • Select Database | Settings... from the menu.
Table 20: Program settings
Setting Meaning

Automatically close analysis information window on completion

If this option is set and analyses are predefined, the information window is closed after analysis. If the option is not set, the information window is shown. Close the window using the Finished button.

Show permissions weighting

Set this option to also display a weighting for the permissions.

Role naming template

Define a template for role names. This is used when to format new role names in predefined analysis methods. The template support following variables:

%sequence%

Sequential number

%object%

Name of first object in cluster

%property%

Name of first property in cluster

Running an Analysis

To start analyzing with the Analyzer

Selecting Analysis Data with the Wizard

Before you start the analysis, you collect your initial data. The Analyzer accesses all permissions information in its own database and creates a mapping table with employees and their permissions. The result can be suggestions for single roles from analyzing a single application but also cross-system roles from analyzing permissions in several systems.

To select initial data

  1. On the Analyzer’s start page, choose Select data with wizard.
  2. Click Start.
  3. Specify an employee group to analyze. Select one of the following selection methods.
    • Structures

      Employees can be selected through the organization and business roles contained in One Identity Manager.

      1. Select Structures.
      2. Click Next.
      3. In the Structures list, select the organization or business role for analysis.

        The employees assigned to this structure are displayed in the Employees list. Use the Show directly/indirectly assigned employees buttons in the title bar to filter the employees.

        Table 22: Icons for filtering the employee list
        Icon Meaning
        Show indirectly assigned employees
        Show directly assigned employees
        Show employees from child nodes
      4. Click Next.
    • Query wizard

      Define the condition used to find the employees in the database. The wizard helps you to formulate a condition (where clause) for database queries. The complete database query is composed internally. The database query references the "Person" table. For more information about using the wizard, see One Identity Manager User Guide for One Identity Manager Tools User Interface.

    • Menu

      The list displays all the employees in the One Identity Manager database. Use Shift + select or Ctrl + select to select several employees for analysis.

    • Load wizard template

      Load an existing configuration. Select the template file and click Open.

  4. Click Next.
  5. Select the target system whose user accounts and permissions will be included in the analysis. User Ctrl + select to multi-select target systems.
  6. Click Next.
  7. Specify the analysis methods. The following methods are available.
    Table 23: Analysis method
    Analysis method Description

    Simple cluster analysis/Complex cluster analysis

    Permissions are grouped into new business roles using cluster analysis methods and employees are assigned.

    The Analyzer supports automatic role mining by two different cluster analysis methods, which differ in terms of how they calculate the distances between individual clusters.

    Decision hierarchy

    Permissions are grouped into new business roles in a decision hierarchy and the employees are assigned. The number of group members is taken as the decision criteria.

    Structure assignment

    The permissions are assigned to an existing structure hierarchy. The use of existing structures, for example, organizational structure from ERP systems, is possible.

    Permissions analysis

    Employee permissions are analyzed with the help of permissions analysis. Business roles are freely defined and assignments of permissions and employees are evaluated manually based on the existing permissions.

  8. Click Next.
  9. (Optional) To reuse the configuration at a later time, set Save configuration as template. Select the directory path for saving the file using the file browser and click Save.
  10. Click Finish to start the analysis.

    This loads the data and starts the analysis. The results of the analysis are subsequently displayed. For more information, see Analysis evaluation.

  11. Create a new business role if required and assign the employees. Add the suggested changes to the One Identity Manager database. For more information, see Transferring changes.

Predefined Analyzes

NOTE: Analysis methods are made available when the Active Directory Module is present.

The following predefined analyses are provided:

  • Employee Active Directory permissions

    The permissions of all employees with Active Directory group memberships are analyzed.

  • Employee Active Directory permissions and departments

    The permissions of all employees with Active Directory group memberships are analyzed. Departments with Active Directory groups are also included in the analysis.

To start predefined analysis

  1. Select Active Directory employee permissions or Active Directory employee permissions and departments on the Analyzer home tab.
  2. Click Start.

    This loads the analysis data and starts analysis immediately. This may take some time, depending on the amount of data.

    Analysis data is displayed depending on the program settings. Click Expand... to see detailed information. Click Finish to close the dialog box. The results of the analysis are subsequently displayed. For more information, see Analysis evaluation.

Verwandte Dokumente