Specifying mutually exclusive application roles
It may be that employees are not allowed to hold certain system roles at the same time. For example, exception approvers for rule violations may not also be rule supervisors. To implement this behavior, you can specify mutually exclusive application roles. These application roles can then no longer be assigned to the same person.
NOTE: Only system roles that are defined directly as conflicting application roles cannot be assigned to the same employee. Definitions made on parent or child application roles do not affect the assignment.
To configure inheritance exclusion
To specify inheritance exclusion for application roles
- In the Manager in the One Identity Manager Administration category, select the application role for which you want to define an inheritance exclusion.
- Select the Edit conflicting application roles task.
- In the Add assignments pane, assign application roles that are mutually exclusive to the selected system role.
  - OR -
  In the Remove assignments pane, remove the application roles that are no longer mutually exclusive.
- Save the changes.
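The following sketch is an added example, not One Identity Manager code or its data model. It models the rule from the NOTE above on constructed data, showing that only directly defined conflicts block an assignment, and how to audit existing assignments for overlaps. The people, the child role "Rule supervisors EMEA", and all function names are hypothetical.

```python
# Added example on constructed data; names and layout are hypothetical,
# not a One Identity Manager schema or API.
from itertools import combinations

# Conflicts exactly as defined on the roles themselves (unordered pairs).
CONFLICTS = {frozenset({"Exception approvers", "Rule supervisors"})}

# Hypothetical hierarchy (child -> parent). Deliberately NOT consulted below:
# definitions on parent or child roles do not affect the assignment.
PARENT = {"Rule supervisors EMEA": "Rule supervisors"}

# Constructed current assignments: person -> directly assigned roles.
ASSIGNMENTS = {
    "alice": {"Exception approvers"},
    "bob": {"Rule supervisors EMEA"},
    # Constructed overlap for the audit function to find.
    "carol": {"Exception approvers", "Rule supervisors"},
}


def can_assign(person, role, assignments=ASSIGNMENTS, conflicts=CONFLICTS):
    """Return (allowed, blocking_role); only direct conflict pairs are checked."""
    for held in sorted(assignments.get(person, ())):
        if frozenset({held, role}) in conflicts:
            return False, held
    return True, None


def find_violations(assignments=ASSIGNMENTS, conflicts=CONFLICTS):
    """Return (person, role_a, role_b) for everyone holding a conflicting pair."""
    found = []
    for person, roles in sorted(assignments.items()):
        for a, b in combinations(sorted(roles), 2):
            if frozenset({a, b}) in conflicts:
                found.append((person, a, b))
    return found


if __name__ == "__main__":
    print(can_assign("alice", "Rule supervisors"))       # blocked: direct conflict
    print(can_assign("alice", "Rule supervisors EMEA"))  # allowed: child role only
    print(can_assign("bob", "Exception approvers"))      # allowed: bob holds the child role
    print(find_violations())
```

If the child role must also be excluded, the conflict has to be defined on that role directly.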
Assigning subscribable reports to application roles
Use this task to assign subscribable reports to an application role. All employees in this application role can subscribe to reports in the Web Portal. For more information about subscribable reports, see the One Identity Manager Report Subscriptions Administration Guide.
NOTE:
- This function is only available if the Report Subscription Module is installed.
- The task is only available if a permissions group is assigned to the application role (or a parent application role).
- Subscribable reports cannot be assigned to the Base roles | Employee Managers, the Base roles | Everyone (Lookup), or the Base roles | Everyone (Change) application role.
To assign subscribable reports to an application role
- In the Manager, select an application role in the One Identity Manager Administration category.
- Select the Assign subscribable reports task.
- In the Add assignments pane, assign reports.
TIP: In the Remove assignments pane, you can remove report assignments.
To remove an assignment
- Save the changes.
Assigning extended properties to application roles
Extended properties are meta objects, such as operating codes, cost codes, or cost accounting areas, that cannot be mapped directly in One Identity Manager. For more information about using extended properties, see the One Identity Manager Identity Management Base Module Administration Guide.
To specify extended properties for an application role
- In the Manager, in the One Identity Manager Administration category, select the Application role.
- Select the Assign extended properties task.
- In the Add assignments pane, assign extended properties.
TIP: In the Remove assignments pane, you can remove assigned extended properties.
To remove an assignment
- Save the changes.
Generating assignment resources for application roles
It is possible to create assignment resources for individual application roles. This means you can limit assignment resources to individual application roles in the Web Portal. When the assignment resource is requested, it is no longer necessary to select the application role as well. The application role is automatically a part of the assignment request. For more information about assignment requests, see the One Identity Manager IT Shop Administration Guide.
To limit an assignment resource to one application role
- In the Manager in the One Identity Manager Administration category, select the Application role.
- Select the Create assignment resource task.
  This starts a wizard that takes you through the steps for adding an assignment resource.