Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Identity Manager 9.2.1 - System Roles Administration Guide

Creating and editing system role types

System role types identify the type of company resources that the system role is used to grouped together. You can, for example, define system role types for system roles in which you group different target system groups.

To create or edit a system role type

  1. In the Manager, select the Entitlements > Basic configuration data > System role types category.

  2. Select a system role type in the result list. Select the Change main data task.

    – OR –

    Click in the result list.

  3. Enter a name and description for the system role type.

  4. Save the changes.

Assigning company resources to system roles

Assign the company resources you want to group together into one package, to the system role. When you assign system roles to identities and workdesks, the company resources are inherited by the identities and workdesks.

NOTE: Company resources where the Only use in IT Shop option is set can only be assigned to system roles that also have this option set.

The following table lists the company resources you can assign to system roles.

NOTE: Company resources are defined in the One Identity Manager modules and are not available until the modules are installed.

Table 6: Possible company resource assignments
Company resource Available in Module

Resources

always

Account definitions

Target System Base Module

Groups of custom target systems

Target System Base Module

System entitlements of custom target systems

Target System Base Module

Active Directory groups

Active Directory Module

SharePoint groups

SharePoint Module

SharePoint roles

SharePoint Module

LDAP groups

LDAP Module

Notes groups

Domino Module

SAP groups

SAP R/3 User Management Module

SAP profiles

SAP R/3 User Management Module

SAP roles

SAP R/3 User Management Module

SAP parameters

SAP R/3 User Management Module

Structural profiles

SAP R/3 Structural Profiles Add-on Module

BI analysis authorizations

SAP R/3 Analysis Authorizations Add-on Module

E-Business Suite permissions

Oracle E-Business Suite Module

Subscribable reports

Report Subscription Module

Software

Software Management Module

Azure Active Directory groups

Azure Active Directory Module

Azure Active Directory administrator roles

Azure Active Directory Module

Azure Active Directory subscriptions

Azure Active Directory Module

Disabled Azure Active Directory service plans

Azure Active Directory Module

Unix groups

Unix Based Target Systems Module

Cloud groups

Cloud Systems Management Module

Cloud system entitlements

Cloud Systems Management Module

PAM user groups

Privileged Account Governance Module

Google Workspace groups

Google Workspace Module

Google Workspace products and SKUs

Google Workspace Module

SharePoint Online groups

SharePoint Online Module

SharePoint Online roles

SharePoint Online Module

OneLogin roles

OneLogin Module

To add company resources to a system role

  1. In the Manager, select the Entitlements > System roles category.

  2. Select the system role in the result list.

  3. Select the task to assign the corresponding company resource.

  4. In the Add assignments pane, assign company resources.

    TIP: In the Remove assignments pane, you can remove company assignments.

    To remove an assignment

    • Select the company resource and double-click .

  5. Save the changes.
Related topics

Assigning system roles to workdesks and identities

You can assign system roles directly or indirectly to identities or workdesks. In the case of indirect assignment, identities (workdesks) and system roles are grouped into hierarchical roles. The number of system roles is calculated from the position in the hierarchy and the direction of inheritance assigned to an identity (or workdesk).

Add identities to a shop as customers so that system roles can be assigned through IT Shop requests. All system roles assigned as product to this shop can be requested by the customers. Requested system roles are assigned to the identities after approval is granted.

NOTE: If the system role is disabled or if the share date is still in the future, the company resources are not inherited.

Prerequisites for indirect assignment to identities
  • Assignment of identities and system roles is permitted for role classes (departments, cost centers, locations, or business roles).

Prerequisite for indirect assignment to workdesks
  • Assignment of workdesks and system roles is permitted for role classes (departments, cost centers, locations, or business roles).

NOTE: There are other configuration settings that play a role when company resources are inherited through departments, cost centers, locations, and business roles. For example, role inheritance might be blocked or inheritance of identities not allowed. For more detailed information about the basic principles for assigning company resources, see the One Identity Manager Identity Management Base Module Administration Guide.

Related topics

Assigning system roles to departments, cost centers, and locations

Assign the system role to departments, cost centers, and locations for it to be assigned to identities and workdesks through these organizations.

To assign a system role to departments, cost centers, and locations

  1. In the Manager, select the Entitlements > System roles category.

  2. Select the system role in the result list.

  3. Select the Assign organizations task.

  4. In the Add assignments pane, assign the organizations:

    • On the Departments tab, assign departments.

    • On the Locations tab, assign locations.

    • On the Cost centers tab, assign cost centers.

    TIP: In the Remove assignments pane, you can remove assigned organizations.

    To remove an assignment

    • Select the organization and double-click .

  5. Save the changes.

NOTE: In order for company resources assigned to the system role to be inherited by departments, cost centers, and locations, role classes must have the Direct assignments allowed option set. For more information about setting this option, see the One Identity Manager Identity Management Base Module Administration Guide.

Related topics
Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation