Chat now with support
Chat mit Support

Identity Manager 8.1 - System Roles Administration Guide

Assigning extended properties

Extended properties are meta objects that cannot be mapped directly in One Identity Manager, for example, operating codes, cost codes or cost accounting areas.

To specify extended properties for a system role

  1. Select the category Entitlements | System Roles.

  2. Select the system role in the result list.

  3. Select Assign extended properties.

  4. Assign extended properties in Add assignments.

    TIP: In the Remove assignments area, you can remove the assignment of extended properties.

    To remove an assignment

    • Select the extended property and double click .
  5. Save the changes.

For more detailed information about extended properties, see the One Identity Manager Identity Management Base Module Administration Guide.

Excluding System Roles

Specify, which system role of a pair of system roles, should be take effect if both are assigned. No company resources are inherited by the system role which is not effective.

To exclude system roles

  1. Select the category Entitlements | System Roles.

  2. Select the system role in the result list.

  3. Select Edit conflicting system roles.

  4. Assign the system roles that are mutually exclusive to the selected system role in Add assignments.

    - OR -

    In the Remove assignments view, remove the system roles that no longer exclude each other.

  5. Save the changes.
Detailed information about this topic

Appendix: Configuration parameters for system roles

The following configuration parameters are additionally available in One Identity Manager after the module has been installed.

Table 7: Configuration parameters for the module
Configuration parameter Description

QER\ESet

Preprocessor relevant configuration parameter for controlling the database model components for system roles. If this parameter is set, system components are available. Changes to this parameter require the database to be recompiled.

QER\Structures\Inherite\ESetExclusion

Preprocessor relevant configuration parameter for defining the effectiveness of system roles. If this parameter is set, mutually exclusive system roles can be defined. Changes to this parameter require the database to be recompiled.

QER\Structures\Inherite\NoESetSplitting

Specifies whether the components of a system role are already split in the hierarchical role (as previously) or not (current behavior). If this parameter is set, the system roles are not broken down into their individual components until the target of the inheritance.

Appendix: Example of system role inheritance

The following example shows how inheritance of company resources through system roles works and what effect exclusion definitions have.

Topics:
Verwandte Dokumente