Application role for the Operations Support Web Portal
The Operations Support Web Portal helps you to manage and use your web applications. For more information, see the One Identity Manager Operations Support Web Portal User Guide.
NOTE: This application role is only available if the Identity Management Base Module is installed.
The following application roles are available for the Operations Support Web Portal.
Table 2: Application role for the Operations Support Web Portal
Operations support |
Employees that use the Operations Support Web Portal, must be assigned the Base roles | Operations support application role.
Members of this application role:
-
Monitor handling of Job queue processes.
-
Monitor handling of the DBQueue.
-
Create passcodes to enable staff to log in to the Password Reset Portal. |
Password help desk |
Members of the Basic roles | Operations support | Password help desk application role can reset passwords for other employees in the Operations Support Web Portal. |
Synchronization post-processing |
Members of the Basic roles | Operations support | Synchronization post-processing application role are authorized to manage objects in the Operations Support Web Portal that were identified as pending during synchronization. |
System administrators |
Members of the Base roles | Operations support | System administrators application role can start and stop processing of the Job queue and the DBQueue in the Operations Support Web Portal. |
Application role for Compliance & Security Officers
NOTE: This application role is available if Attestation Module, Compliance Rules Module, or Company Policies Module is installed.
Compliance and security officers must be assigned to the Identity & Access Governance | Compliance & Security Officer application role.
Users with this application role:
-
View all compliance relevant information and other analysis in the Web Portal. This includes attestation policies, company policies and policy violations, compliance rules, and rule violations and risk index functions.
-
Edit attestation polices.
Application role for auditors
NOTE: This application role is available if Attestation Module, Compliance Rules Module or Company Policies Module is installed.
Auditors are assigned to the Identity & Access Governance | Auditors application role.
Users with this application role:
Application roles for identity audit
NOTE: This application role is available if the Compliance Rules Module is installed.
The following application roles are available for managing compliance rule:
Table 3: Application roles for identity audit
Administrators |
Administrators must be assigned to the Identity & Access Governance | Identity Audit | Administrators application role.
Users with this application role:
-
Enter base data for setting up company policies.
-
Create compliance rules and assign rule supervisors to them.
-
Can start rule checking and view rule violations as required.
-
Create reports about rule violations.
-
Enter mitigating controls.
-
Create and edit risk index functions.
-
Monitor Identity Audit functions.
-
Administer application roles for rule supervisors, exception approvers and attestors.
-
Set up other application roles as required. |
Rule supervisors
|
Rule supervisors must be assigned to the Identity & Access Governance | Identity Audit | Rule supervisors application role or a child application role.
Users with this application role:
-
Are responsible for compliance rule content, for example, an auditor or a auditing department.
-
Edit the compliance rule working copies, which are assigned to the application role.
-
Enable and disable compliance rules.
-
Can start rule checking and view rule violations as required.
-
Assign mitigating controls. |
Exception approvers
|
Administrators must be assigned to the Identity & Access Governance | Identity Audit | Exception approvers application role or a child application role.
Users with this application role:
|
Attestors
|
Attestors must be assigned to the Identity & Access Governance | Identity Audit | Attestors application role.
Users with this application role:
NOTE: This application role is available if the module Attestation Module is installed. |
Maintain SAP Functions |
Administrators must be assigned to the Identity & Access Governance | Identity Audit | Maintain SAP functions application role or a child application role.
Users with this application role:
-
Are responsible for SAP function contents.
-
Edit working copies of function definitions for which they are responsible.
-
Define function instances and variables sets for SAP functions.
-
Assign mitigating controls.
NOTE: This application role is available if the module SAP R/3 Compliance Add-on Module is installed. |