Reports about departments, cost centers, and locations
One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for departments, cost centers, and locations.
NOTE: Other sections may be available depending on the which modules are installed.
Table 23: Reports about departments, cost centers, and locations
| Overview of all assignments |
This report finds all the roles in which employees from the selected department, cost center, or location are also members. |
| Data quality of department members (cost center members) |
This report evaluates the data quality of employee data records. It takes all employees in the department or cost center into account. |
| Show historical memberships |
This report lists all members of the selected department, cost center, or location and the duration of their membership. |
|
Employees per department |
This report contains the number of employee per department. The primary and secondary assignments to organizations are taken into account. You can find this report in My One Identity Manager. |
|
Employees per cost center |
This report contains the number of employee per cost center. The primary and secondary assignments to organizations are taken into account. You can find this report in My One Identity Manager. |
|
Employees per location |
This report contains the number of employee per location. The primary and secondary assignments to organizations are taken into account. You can find this report in My One Identity Manager. |
Related topics
Working with dynamic roles
Dynamic roles are used to specify role memberships dynamically. Employees, devices, and workdesks are not permanently assigned to a role, just when they fulfill certain conditions. A check is performed regularly to assess which employees (devices or workdesks) fulfill these conditions. The means the role memberships change dynamically. For example, company resources can be assigned dynamically to all employees in a department in this way; if an employee leaves the department they immediately lose the resources assigned to them.
Role memberships through dynamic roles are implemented as indirect, secondary assignments. Therefore secondary assignment of employees, devices, and workdesks to role classes must be permitted. If necessary, further configuration settings need to be made.
Example of dynamic role functionality
All external employees are added to a new dynamic role. These employees should be assigned to a company resource ABC. The dynamic role is initially defined with the following data:
| Dynamic role |
External employees |
| Description |
All external employees |
| Object class |
PERSON |
| Condition |
IsExternal = 1 |
| Department |
A_1 |
The department A_1 is now assigned the resource ABC. All employees who fulfill the condition at the time the dynamic role was defined are assigned to department A_1 and therefore inherit the resource ABC. Employees who fulfill the condition at a later date, are assigned to department A_1 from that moment. Conversely, employees in department A_1 are removed the moment the are no longer known as external employees by One Identity Manager. The resource ABC is no longer available to those employees assuming they have not been assigned the resource through other channels.
Detailed information about this topic
Related topics
Editing dynamic roles
You can create dynamic roles for departments, cost centers, locations, business roles, application roles, and IT Shop nodes. This allows you to specify memberships in these roles.
To create a dynamic role
-
Select the role for which a dynamic role is to be created.
-
Select the Create dynamic role task.
-
Enter the required master data.
- Save the changes.
To edit a dynamic role
-
Select the role for which the dynamic role was created.
-
Open the role's overview form.
-
Select the Dynamic roles form element and click on the dynamic role.
-
Select the Change master data task.
-
Edit the data and then save the changes.
Related topics
Dynamic role master data
Enter the following data for a dynamic role.
Table 24: Dynamic role master data
|
Role/Organization |
Role (department, cost center, location, business role, IT Shop node, application node) referenced by the dynamic role. This data is preset with the selected role. |
|
Object class |
Object class that the dynamic role applies to. Choose between Person, Hardware, and Workdesk.
NOTE: The combination of object class and role must be unique. It is not possible that two dynamic roles from the same object class to refer to one role. |
|
Dynamic role |
Name of the dynamic role. |
|
Calculation schedule |
Schedule, which triggers cyclical recalculation of the role membership. The Dynamic roles check schedule is already defined in the default One Identity Manager installation. All dynamic role memberships are checked using this schedule and recalculation requests are sent to the DBQueue Processor if necessary. Use the Designer to customize schedules or set up new ones to meet your requirements. For more detailed information, see the One Identity Manager Operational Guide. |
|
Description |
Text field for additional explanation. |
|
Condition |
Defines which objects of the object class become members of the selected role. For more information, see Conditions for dynamic roles. |
For detailed information about using the WHERE clause wizard and the filter designer, see the One Identity Manager User Guide for One Identity Manager Tools User Interface.
Related topics
