サポートと今すぐチャット
サポートとのチャット

Identity Manager 9.0 LTS - Authorization and Authentication Guide

About this guide One Identity Manager application roles Granting One Identity Manager schema permissions through permissions groups Managing permissions to program functions One Identity Manager authentication modules OAuth 2.0/OpenID Connect authentication Multi-factor authentication in One Identity Manager Granular permissions for the SQL Server and database Installing One Identity Redistributable STS Preventing blind SQL injection Program functions for starting the One Identity Manager tools Minimum access levels of One Identity Manager tools

Application roles for Application Governance

NOTE: This application role is available if the module Application Governance Module is installed.

Table 15: Application roles for Application Governance
Application role Tasks

Administrators

Administrators must be assigned to the Application Governance | Administrators application role.

Users with this application role:

  • Create new business applications in the Web Portal.

  • Manage all business applications in the Web Portal.

Owner

The owners of business applications must be assigned to the Application Governance | Owners application role.

Users with this application role:

  • Can edit business applications that they manage in the Web Portal.

Approver

Approvers must be assigned to the Application Goverance | Approvers application role.

Users with this application role:

  • Approve requests for business application products.

Application roles for custom tasks

NOTE: This application role is available if the Identity Management Base Module is installed.

The following application roles are available for customer features and tasks.

Table 16: Application roles for custom tasks
Application role Description

Administrators

Administrators must be assigned to the Custom | Administrators application role.

Users with this application role:

  • Administrate custom application roles.

  • Set up other application roles for managers if required.

Manager/supervisor

Managers must be assigned to the Custom | Managers application role or a child role.

Users with this application role:

  • Add custom task in One Identity Manager.

  • Configure and start synchronization in the Synchronization Editor.

  • Edit the synchronization's target system types as well as outstanding objects in the Manager.

You can use these application roles, for example, to guarantee One Identity Manager user permissions on custom tables or columns. All application roles that you define here must obtain their permissions through custom permissions groups.

Implementing the application roles

IMPORTANT: To use application roles you must add one employee to the Base roles | Administrators application role. This employee is the authorized to assigned administrative One Identity Manager application roles to other employees.

Run this task once.

To initially add an employee to the Base roles | Administrators application role.

  1. Log into the Manager as a non role-based administrative user.

  2. Select the Employees > Employees category.

  3. Select the employee to be assigned to the Base role | Administrators application role.

  4. Select the Authorize as One Identity Manager administrator task.

    The One Identity Manager user with the Base roles | Administrators application role can now add more employees to application roles and edit the application role main data.

NOTE: Once you update the view in the Manager, the Authorize as One Identity Manager administrator task is no longer displayed in the task view. That means that the task can only be run when there are no other employees assigned to this application role.

After you have been working with One Identity Manager for a while, it is possible that no more employees are assigned to the Base roles | Administrators application role. In this case, proceed as described above in order to reassign an employee to this application role.

Related topics

Creating and editing application roles

To set up your first application roles you need to add an employee to the application role Base roles | Administrators. This employee is authorized to add more employees to different administration application roles. For more information, see Implementing the application roles.

Administrators can edit child application roles, set up more application roles and assigned employees.

NOTE: To edit the application role, log on to the Manager using a role-based authentication module.

To edit an application role

  1. In the Manager in the One Identity Manager Administration category, select the Application role.

  2. Select the Change main data task.

  3. Edit the application role's main data.

  4. Save the changes.

To create a new application role

  1. In the Manager in the One Identity Manager Administration category, select the application role under which you want to create a new application role.

  2. Click in the result list.

  3. Enter the application role main data.

  4. Save the changes.

NOTE: You cannot delete default application roles.

Related topics
関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択