Assign organizations
Use this task to map which relations exist between business roles and departments, cost centers and locations. This task has the same effect as assigning a department, cost center, or location on the business role main data form. The assignment is entered in the respective foreign key column in the base table.
To assign a department, cost center, or location to business roles
-
In the Manager, select the Organizations > Departments, Organizations > Cost centers, or Organizations > Locations category.
-
Select the role in the result list.
-
Select the Assign employees task.
-
In the Add assignments pane, assign business roles.
The selected role is primarily assigned to all business roles as a department, cost center, or location.
- Save the changes.
Defining inheritance exclusion for business roles
You can define conflicting roles to prevent employees, devices, or workdesks from being assigned to several roles at the same time and from obtaining mutually exclusive company resources through these roles. At the same time, specify which business roles are mutually exclusive. This means you may not assign these roles to one and the same employee (device, workdesk).
NOTE: Only roles, which are defined directly as conflicting roles cannot be assigned to the same employee (device, workdesk). Definitions made on parent or child roles do not affect the assignment.
To configure inheritance exclusion
To define inheritance exclusion for a business role
-
In the Manager, select the Business roles > <role class> category.
-
Select a business role in the result list.
-
Select Edit conflicting business roles.
-
In the Add assignments pane, assign business roles that are mutually exclusive to the selected business role.
- OR -
In the Remove assignments pane, remove the business roles that are no longer mutually exclusive.
- Save the changes.
Detailed information about this topic
Assigning extended properties to business roles
You can assign extended properties to business roles. Extended properties are meta objects, such as operating codes, cost codes, or cost accounting areas that cannot be mapped directly in One Identity Manager. For more information about extended properties, see the One Identity Manager Identity Management Base Module Administration Guide.
To specify extended properties for a business role
-
In the Manager, select the Business roles > <role class> category.
-
Select the business role in the result list.
-
Select the Assign extended properties task.
-
In the Add assignments pane, assign extended properties.
TIP: In the Remove assignments pane, you can remove assigned extended properties.
To remove an assignment
- Save the changes.
Creating assignment resources for application roles
You may add assignment resources to single business roles. This means you can limit assignment resources to a certain business role in the Web Portal. When the assignment resource is requested, it is no longer necessary to request the business role as well. It is automatically a part of the assignment request. For more information, see the One Identity Manager IT Shop Administration Guide.
To limit an assignment resource to a business role
-
In the Manager, select the Business roles > <role class> category.
-
Select a business role in the result list.
-
Select the Create assignment resource task.
This starts a wizard that takes you through the steps for adding an assignment resource.
NOTE: Business roles associated with an assignment resource cannot be deleted until the associated assignment resource is deleted.