Usage – Business role (page description)
To open the Usage – Business role page go to Responsibilities > My Responsibilities > Business Roles > select business role > Usage.
On the Usage – Business role page, you can see the roles and organizations that belong to the identities to which this business role is assigned (see Displaying role memberships of my business roles' members).
The information is displayed as a hierarchical chart, which shows you more about the role inheritance.
The following tables give you an overview of the various features on the Usage – Business role page.
Compliance reports – Business role (page description)
Open the Compliance reports – Business role page by navigating through Responsibilities > My Responsibilities > Business Roles > select business role > Compliance reports.
On the Compliance Reports - Business role page you can:
The information is divided into three parts:
-
Policy violations: Displays all the current policy violations caused by the application role.
-
Compliance rule violations: Shows you all current rule violations of the identities to which the business role is assigned.
-
Identities: Risk index and authorizations: Displays all identities to which the business role is assigned. Additionally, the number of assigned entitlements and the risk index of these identities are displayed.
To display the information, select the item you want from the View menu.
The following table gives an overview of the content of the Compliance reports – Business role page.
Table 335: Columns
Policy violations |
Violating object |
Shows you which object caused the rule violation. |
Policy |
Shows you the policy that was violated. |
Status |
Shows you the status of the rule policy. |
Compliance rule violations |
Identity |
Shows you the identity that caused the rule violation. |
Rule violation |
Shows you the violated rule. |
Approval state |
Shows you how or whether approval is granted to the rule violation. |
Risk index (reduced) |
Shows the risk index taking mitigating controls into account. A rule’s risk index can be reduced by a significance amount after mitigating controls have been applied.
Mitigating controls are processes that exist outside the One Identity Manager solution and that reduce the risk of violation. For more information, see Compliance – Governance Administration. |
Identities: Risk index and entitlements |
Identities |
Shows you the identity to which this business role is assigned. |
Risk index (calculated) |
Shows you the identity's calculated risk index. |
Assigned permissions |
Shows you all the entitlements assigned to this identity. |
TIP: You can show less data by using the column filters. For more information, see Filtering.
System roles (page description)
To open the System Roles page go to Responsibilities > My Responsibilities > System Roles.
On the System Roles page, you can:
If you click a system role in the list, a new page opens (see System role overview page (page description)), which contains more information and configuration options for the system role.
The following tables give you an overview of the different functions and content on the System Roles page.
Table 337: Columns
Name |
Shows the system role's name. |
TIP: You can show less data by using the column filters. For more information, see Filtering.
New system role (page description)
To open the New system Roles page go to Responsibilities > My Responsibilities > System Roles > New system role.
On the New System Role page, you can create a new system role for which you are responsible. Do this by entering the new system role's main data (see Creating your own system roles).
Enter the following main data.
Table 338: System role main data
System role |
Enter a full, descriptive name for the system role. |
Display name |
Enter a name for displaying the system role in the One Identity Manager tools. |
Internal product name |
Enter a company internal name for the system role. |
System role type |
Select the role type of the system role.
The system role type specifies which type of company resources make up the system role. |
Service item |
Click Create a new service item and create a new service item (a product).
If a service item is already assigned, click Change and select a service item.
You cannot use a system role until a service item has been assigned to it. |
System role manager |
Click Change and select the identity responsible for the system role. This identity can edit the system role's main data and be used as an attestor for system role properties.
If the system role can be requested in the IT Shop, the manager will automatically be a member of the application role for product owners assigned the service item. |
Comment |
Enter a comment for the system role. |
IT shop |
Select the check box if the system role can also be requested through the IT Shop. This system role can be requested by identities through the Web Portal and allocated by defined approval processes. The system role can still be assigned directly to identities and hierarchical roles. For more information about IT Shop, see the One Identity Manager IT Shop Administration Guide. |
Only use in IT Shop |
Select the check box if the system role can only be requested through the IT Shop. This system role can be requested by identities through the Web Portal and allocated by defined approval processes. The system role may not be assigned directly to hierarchical roles. |