Identity Manager 8.1 - System Roles Administration Guide

Chat now with support

Assigning System Roles to Departments, Cost Centers and Locations Assigning System Roles to Business Roles Adding System Roles to the IT Shop Assigning System Roles directly to Employees Assigning System Roles directly to Workdesks Adding System Roles to System Roles

Additional Tasks for Managing System Roles

System Role Overview Assigning extended properties Excluding System Roles

Appendix: Configuration parameters for system roles Appendix: Example of system role inheritance

Example of a system role hierarchy Example of inheritance routes Effect of exclusion definitions

Special features of inheritance via hierarchical roles

Assigning extended properties

Editing system roles > Additional Tasks for Managing System Roles > Assigning extended properties

Extended properties are meta objects that cannot be mapped directly in One Identity Manager, for example, operating codes, cost codes or cost accounting areas.

To specify extended properties for a system role

Select the category Entitlements | System Roles.
Select the system role in the result list.
Select Assign extended properties.
Assign extended properties in Add assignments.
TIP: In the Remove assignments area, you can remove the assignment of extended properties.

To remove an assignment

Select the extended property and double click .
Save the changes.

For more detailed information about extended properties, see the One Identity Manager Identity Management Base Module Administration Guide.

Excluding System Roles

Editing system roles > Additional Tasks for Managing System Roles > Excluding System Roles

Specify, which system role of a pair of system roles, should be take effect if both are assigned. No company resources are inherited by the system role which is not effective.

To exclude system roles

Select the category Entitlements | System Roles.
Select the system role in the result list.
Select Edit conflicting system roles.
Assign the system roles that are mutually exclusive to the selected system role in Add assignments.
- OR -

In the Remove assignments view, remove the system roles that no longer exclude each other.
Save the changes.

Detailed information about this topic

Effectiveness of system roles

Appendix: Configuration parameters for system roles

The following configuration parameters are additionally available in One Identity Manager after the module has been installed.

Table 7: Configuration parameters for the module
Configuration parameter	Description
QER\ESet	Preprocessor relevant configuration parameter for controlling the database model components for system roles. If this parameter is set, system components are available. Changes to this parameter require the database to be recompiled.
QER\Structures\Inherite\ESetExclusion	Preprocessor relevant configuration parameter for defining the effectiveness of system roles. If this parameter is set, mutually exclusive system roles can be defined. Changes to this parameter require the database to be recompiled.
QER\Structures\Inherite\NoESetSplitting	Specifies whether the components of a system role are already split in the hierarchical role (as previously) or not (current behavior). If this parameter is set, the system roles are not broken down into their individual components until the target of the inheritance.

Appendix: Example of system role inheritance

The following example shows how inheritance of company resources through system roles works and what effect exclusion definitions have.

Topics:

Example of a system role hierarchy

Example of inheritance routes

Effect of exclusion definitions

Verwandte Dokumente

Bitte w&auml;hlen Sie Ihr Produkt aus:

Damit wir Ihnen besser helfen können, geben Sie den Grund Ihres Chats an:

Empfohlene Lösungen für Ihr Problem