サポートと今すぐチャット
サポートとのチャット

Identity Manager 9.2 - Installation Guide

About this guide One Identity Manager overview Installation prerequisites Installing One Identity Manager Installing and configuring the One Identity Manager Service Automatic updating of One Identity Manager Updating One Identity Manager Installing additional modules for a existing One Identity Manager installation Installing and updating an application server Installing the API Server Installing, configuring, and maintaining the Web Designer Web Portal Installing and updating the Manager web application Logging in to One Identity Manager tools Troubleshooting Advanced configuration of the Manager web application Machine roles and installation packages Configuration parameters for the email notification system How to configure the One Identity Manager database using SQL Server AlwaysOn availability groups

Users and permissions for the One Identity Manager database in Azure SQL Database

The following users are identified for using a One Identity Manager database in Azure SQL Database with granular permissions concept. User permissions at server and database level are matched to their tasks.

  • Installation user

    The installation user is required for the initial setup of a One Identity Manager database using the Configuration Wizard.

  • Administrative user

    The administrative user is used by components of One Identity Manager that require authorizations at server level and database level, for example, the Configuration Wizard, the DBQueue Processor, or the One Identity Manager Service.

  • Configuration user

    The configuration user can run configuration tasks within the One Identity Manager, for example, creating customer-specific schema extensions or working with the Designer. Configuration users need permissions at the server and database levels.

  • End users

    End users are only assigned permissions at database level in order, for example, to complete tasks with the Manager or the Web Portal.

For more information about minimum access levels for One Identity Manager tools, see the One Identity Manager Authorization and Authentication Guide.

Permissions for installation users

The server administrator set up when Azure SQL was deployed has the administrative permissions to directly install and use a One Identity Manager database. Likewise, the granulated permissions concept can be enabled by this user.

If this user cannot be used, an SQL login and database user must be provided with the following permissions.

master database:

  • Member of the loginmanager database role

    The permissions are required to create the necessary database users for the administrative user.

One Identity Manager database:

  • Member of the db_owner database role

    This database role is required for installing the schema with the Configuration Wizard in an existing database or for updating the schema.

Permissions for administrative users

During the installation of the One Identity Manager database with the Configuration Wizard, the following principal elements and permissions are created for the administrative user:

SQL Server:

  • OneIMAdminRole_<DatabaseName> server role

    • alter any server role permissions

      The permissions are required to create the server role for the configuration user.

    • view any definition permissions

      The permissions are required to link the SQL logins for the configuration user and the end user with the corresponding database users.

  • <DatabaseName>_Admin SQL login

    • Member of the OneIMAdminRole_<DatabaseName> server role

    • view server state permissions with the with grant option option and alter any connection permissions with the with grant option option.

      The permissions are required to check connections and close these if necessary.

master database:

  • OneIMRole_<DatabaseName> database role

    • Run permissions for the xp_readerrorlog procedure

      The permissions are required to find out information about the database server's system status.

  • OneIM_<DatabaseName> database user
    • Member of the OneIMRole_<DatabaseName> database role

    • The database user is assigned to the <DatabaseName>_Admin SQL login.

One Identity Manager database:

  • Admin database user

    • Member in db_owner database role

      The database role is required to update a database with the Configuration Wizard.

    • The database user is assigned to the <DatabaseName>_Admin SQL login.

Permissions for configuration users

During the installation of the One Identity Manager database with the Configuration Wizard, the following principal elements and permissions are created for configuration users:

SQL Server:

  • OneIMConfigRole_<DatabaseName> server role

    • view server state and alter any connection permissions

      The permissions are required to check connections and close these if necessary.

  • <DatabaseName>_Config SQL login

    • Member of the OneIMConfigRole_<DatabaseName> server role

One Identity Manager database:

  • OneIMConfigRoleDB database role

    • Create Procedure, Delete, Select, Create table, Update, Checkpoint, Create View, Insert, Run, and Create function permissions for the database

  • Config database user

    • Member of the OneIMConfigRoleDB database role

    • The database user is connected with the <DatabaseName>_Config SQL login.

Permissions for end users

The following principals are created with the permissions for end users during the installation of the One Identity Manager database with the Configuration Wizard:

SQL Server:

  • <DatabaseName>_User SQL login

One Identity Manager database:

  • OneIMUserRoleDB database role

    • Insert, Update, Select, and Delete permissions for selected tables in the database

    • View Definition permissions for the database

    • Run and References permissions for individual functions, procedures, and types

  • User database user

    • Member of the OneIMUserRoleDB database role

    • The database user is connected with the <DatabaseName>_User login.

Requirements for Amazon Relational Database Service as database system

The following requirements and limitations apply to the use of Amazon RDS as a database system.

  • If you use Amazon RDS as the database system, you must supply a database. There is no support for creating a new database in Amazon RDS with the Configuration Wizard.

  • The granular permissions concept is not supported.

Minimum system requirements for administrative workstations

One Identity Manager administration and configuration tools are installed on an administrative workstation in order to edit and display data.

The following system prerequisites must be fulfilled before installing the One Identity Manager components on an administrative workstation.

Table 10: Minimum system requirements - administrative workstations

Processor

4 physical cores 2 GHz+

Memory

4 GB+ RAM

Hard drive storage

1 GB

Operating system

Windows operating systems

Following versions are supported:

  • Windows 11 (x64)

  • Windows 10 (32-bit or 64-bit) at least version 1511

Additional software

  • Microsoft .NET Framework version 4.8 or later

  • Microsoft Edge WebView2

Supported browsers

  • Firefox (release channel)

  • Chrome (release channel)

  • Microsoft Edge (release channel)

Minimum system requirements for Job servers

The One Identity Manager Service enables the distribution throughout the network of information that is administrated in the One Identity Manager database. The One Identity Manager Service performs data synchronization between the database and any connected target systems and runs actions at the database and file level.

You install the One Identity Manager Service on a server. A server running the One Identity Manager Service is subsequently called the Job server.

The following system prerequisites must be fulfilled to install the One Identity Manager Service on a server.

Table 11: Minimum system requirements - Job server

Processor

8 physical cores 2.5 GHz+

Memory

16 GB RAM

Hard drive storage

40 GB

Operating system

Windows operating systems

The following versions are supported:

  • Windows Server 2022

  • Windows Server 2019

  • Windows Server 2016

  • Windows Server 2012 R2

  • Windows Server 2012

Linux operating systems

  • Linux operating system (64-bit), supported by the Mono project, or Docker images provided by the Mono project.

Additional software

Windows operating systems

  • Microsoft .NET Framework version 4.8 or later

    NOTE: When connecting the target system, refer to the target system manufacturer's recommendations.

Linux operating systems

  • Mono 6.10 or later

    NOTE: It might be necessary to set the MONO_PATH environment variable explicitly to the current install directory to ensure that all referenced assemblies can be loaded.

Related topics
関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択