An assignment resource can be requested by shop customers when it is assigned to an IT Shop shelf.
To add a resource assignment to the IT Shop
In the Manager, select the Entitlements > Assignment resources for IT Shop category.
Select the assignment resource in the result list.
Select the Add to IT Shop task.
In the Add assignments pane, assign the assignment resource to the IT Shop shelves.
To remove an assignment resource from all IT Shop shelves.
In the Manager, select the Entitlements > Assignment resources for IT Shop category.
Select the assignment resource in the result list.
Select the Add to IT Shop task.
In the Remove assignments pane, remove the assignment resource from the IT Shop shelves.
To remove an assignment resource from all IT Shop shelves.
In the Manager, select the Entitlements > Assignment resources for IT Shop category.
Select the assignment resource in the result list.
Select the Remove from all shelves (IT Shop) task.
Click OK.
The One Identity Manager Service removes the assignment resource from all shelves. All assignment requests with this assignment resource are canceled in the process.
Role assignment and responsibilities can be temporarily delegated to others. Thereby, a distinction is made between single delegations and deputizing.
Deputize: Delegate all your responsibilities for a defined area to a deputy. The following areas can be selected:
Approval authorization for requests
Once an employee is determined as the approver for requests, their deputy is added as an additional approver.
Exception approval requests violate the rules
Once an employee is determined as the exception approver for requests, their deputy is added as an additional exception approver.
Approval authorization in attestation cases
Once an employee is determined as the attestor, their deputy is added as an additional attestor.
Employee manager
An employee manager's deputy can also approve managerial tasks. For example, a deputy can initiate requests for employees.
Manager of all roles of a role class
The deputy of a hierarchical roles manager can also approve all managerial tasks. For example, a deputy can initiate assignment requests for a business role.
You can delegate responsibility for the following role classes:
Departments
Cost centers
Locations
Selected business roles
IT Shop structures (owner)
Example: During their leave, user 1 delegates their responsibilities as manager of business role with the "Projects 2222" role class and approval authorization for requests to their deputy, user 2.
A deputy, unlike single delegation, cannot be subdelegated.
An employee who is connected as a main or sub-identity cannot become a delegate nor can deactivated employees.
Single delegation: Delegate your responsibility for a specific role or your memberships in a specific business or application role to any given employee.
Example: User 1 delegates their membership in the "Project 2222-A" business role to user 2.
Single delegations can be subdelegated.
Delegations are automatically approved after a compliance check. They can be canceled and deleted. For more information about delegating tasks, see the One Identity Manager Web Portal User Guide.
Delegations are revoked when the valid-until date is exceeded or the delegate is deleted from the customer node.
One Identity Manager provides standard products for delegations.
|
Service item |
Shop | Shelf |
Type of delegation |
|---|---|---|
|
Deputy (temporary) |
Identity & Access Lifecycle | Identity Lifecycle |
Deputize |
|
Delegation |
Single delegations |
In the default installation, all active One Identity Manager database employees are customers of the Identity & Access Lifecycle shop. This allows all enabled employees to delegate responsibilities.
© ALL RIGHTS RESERVED. Términos de uso Privacidad Cookie Preference Center
