Assigning identities to business roles
NOTE: This function is only available if the Business Roles Module is installed.
Assign identities to business roles so that identities obtain their company resources through these business roles. To assign company resources to business roles use the corresponding business role tasks. For more information about working with business roles, see the One Identity Manager Business Roles Administration Guide.
To assign an identity to business roles (secondary assignment; default method)
-
In the Manager, select the Identities > Identities category.
-
Select the identity in the result list.
-
Select the Assign business roles task.
-
In the Add assignments pane, select the role class and assign business roles.
TIP: In the Remove assignments pane, you can remove assigned business roles.
To remove an assignment
- Save the changes.
To assign an identity to business roles (primary assignment)
-
In the Manager, select the Identities > Identities category.
-
Select the identity in the result list.
-
Select the Change main data task.
-
On the Organizational tab, enter the primary business role.
-
Save the changes.
Related topics
Adding identities to IT Shop custom nodes
When identities are added to a custom node they are entitled to make IT Shop requests. Access permissions to the IT Shop and the assignments allocated to them through product requests in the IT Shop are displayed on the identity’s overview. For more information, see the One Identity Manager IT Shop Administration Guide.
To add an identity to the IT Shop
-
In the Manager, select the Identities > Identities category.
-
Select the identity in the result list.
-
Select the Assign IT Shop memberships task.
-
In the Add assignments pane, assign custom nodes.
- OR -
In the Remove assignments pane, remove the custom nodes.
- Save the changes.
Assigning application roles to identities
For more information about implementing and editing application roles, see the One Identity Manager Authorization and Authentication Guide.
Assigned identities obtain all the permissions of the permission group to which the application role (or a parent application role) is assigned. In addition, identities obtain the company resources assigned to the application role.
If there are no identities directly assigned to an application role, the identities of the parent application role inherit the permissions.
NOTE: The application roles for Base roles | Everyone (Change), Base roles | Everyone (Lookup), Base roles | Identity Managers, and Base roles | Birthright Assignments are automatically assigned to identities. Do not make any manually assignments to these application roles.
To assign application to an identity
-
In the Manager, select the Identities > Identities category.
-
Select the identity in the result list.
-
Select the Assign One Identity Manager application roles task.
-
In the Add assignments pane, assign the application roles.
TIP: In the Remove assignments pane, you can remove application role assignments.
To remove an assignment
- Save the changes.
Assigning resources directly to identities
Resources can be assigned directly or indirectly to identities. Indirect assignment is carried out by allocating identities and resources in company structures, like departments, cost centers, locations, or business roles.
To react quickly to special requests, you can assign resources directly to an identity.
To assign resources directly to an identity
-
In the Manager, select the Identities > Identities category.
-
Select the identity to whom the resources will be assigned, from the result list.
-
Select the Assign resources task.
-
In the Add assignments pane, assign resources.
TIP: In Remove assignments, you can remove assigned resources.
To remove an assignment
- Select the resource and double-click .
- Save the changes.
Related topics