Performing delta synchronization through Catalog Page
The configuration parameter page_load_data_from_oneim_server_delta_load is to configure delta synchronization on the catalog page. This parameter takes a Boolean value and setting the value to true would perform a delta synchronization if the catalog page full synchronization is not enabled.
Once the catalog page delta synchronization configuration parameter is configured, the additional delta synchronization configuration parameters delta_load_data_from_oneim_server_persons, delta_load_data_from_oneim_server_service_items also need to be configured to define which objects should be delta synchronized. These parameters have already been explained earlier.
Roles and Permissions
Details of the roles that are currently supported by the One Identity Manager for Service Catalog App are explained below.
-
x_oni_oneim_addon.admin – This is the One Identity Manager for Service Catalog App Administrator role. Just like the SysAdmin, these users can request service items for any user that has a matching employee record in One Identity Manager. It is the responsibility of the SysAdmin to assign this role to appropriate users. Users with this Role would be able to view the application in the application navigator and will have Read/Write access to all the application tables.
-
x_oni_oneim_addon.businessuser – This is the One Identity Manager for Service Catalog application business user role. These users can request service items only for themselves. All users synchronized into ServiceNow from One Identity Manager will be assigned to this role.
Schedule job OneIdentity Manager user permissions required
Currently we support DialogUser authentication module and following are the minimum permissions required for the system user:
Approver roles
Once an IT shop request is created, it follows the defined approval process. If manager approval is enabled in configuration parameters, the request is routed to the manager for approval. The manager needs an appropriate role such as the approver_user role, to be able to approve or reject the IT Shop request.
Adding approval role for One Identity Manager managers
Once a synchronization operation completes One Identity Manager managers optionally could be added to a configured approval role. The configuration parameters for automatically adding One Identity Manager managers approver role are:
NOTE: The role could be chargeable. Consult a ServiceNow representative regarding cost involved before enabling this configuration parameter.