In Manager, select the navigation item "One Identity Manager Administration"
Expand "Custom", right-click and select "New".
Provide a name for the role, such as "Designer Access" or "Elevated Permissions". Click "Save" when done.
Next, right-click on the white space and select "Properties".
Copy the AERole UID
For the employees that need access, open the Employee, and select the option "Assign One Identity Manager Application Roles"
Expand "Custom" | "". Double-click and select "Save".
To make sure that it’s assigned, you can run the following query:
select UID_Person from PersonInAERole where UID_AERole = ''
To add permissions to this role, open Designer, select “Base Data” and expand “Security Settings” | “Programs”
Select the application that you want the user to have access to with a System User
Under “Properties”, open the “Configuration Data” for editing.
1. You’ll want to enter a “Dialog User” (system user) that you want to be dynamically assigned to employees who log into Manager.
2. The “selection” is how you filter who gets the system user assigned.
<DialogUserDetect>
  <Usermappings>
    <Usermapping
      DialogUser = "viadmin"
      Selection = "select 1 where %uid% in (select UID_Person from PersonInAERole where UID_AERole = 'The UID from Earlier')"/>
  </Usermappings>
</DialogUserDetect>
You might also need to empty the “Initial Data” field of the authentication module. To do this:
“Base Data” | “Security Settings” | “Authentication Modules” | “Employee (Dynamic)”
Any employee that has the Application Role assigned can now open Designer and use the authentication module “Employee (Dynamic)”.
Once logged in, you can see the Employee at the bottom, and if you double-click the employee, you’ll see that they have the System User assigned.
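As an added example (not One Identity code), the following Python script checks a “Configuration Data” value like the one above before it is saved. It flags a Usermapping whose Selection does not reference %uid%, has no UID_AERole filter, leaves the role UID empty, or carries typographic quotes picked up by copy and paste. The sample XML, the role UID placeholder and the function name audit_usermappings are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the first mapping follows the article's pattern (the role UID is
# a made-up placeholder); the other two show mistakes the check is meant to catch.
SAMPLE_CONFIG = """
<DialogUserDetect>
  <Usermappings>
    <Usermapping DialogUser="viadmin"
      Selection="select 1 where %uid% in (select UID_Person from PersonInAERole where UID_AERole = 'EXAMPLE-ROLE-UID')"/>
    <Usermapping DialogUser="viadmin" Selection="select 1"/>
    <Usermapping DialogUser="viadmin"
      Selection="select 1 where %uid% in (select UID_Person from PersonInAERole where UID_AERole = '')"/>
  </Usermappings>
</DialogUserDetect>
"""

# Captures the opening quote, the value and the closing quote of the role filter.
ROLE_FILTER = re.compile(r"UID_AERole\s*=\s*(['\u2018\u2019])(.*?)(['\u2018\u2019])", re.I)

def audit_usermappings(xml_text):
    """Return one (DialogUser, [findings]) tuple per Usermapping element."""
    root = ET.fromstring(xml_text.strip())
    results = []
    for mapping in root.iter("Usermapping"):
        user = mapping.get("DialogUser", "")
        selection = mapping.get("Selection", "")
        findings = []
        if "%uid%" not in selection.lower():
            findings.append("selection never references %uid%, so it is not tied to the employee logging in")
        match = ROLE_FILTER.search(selection)
        if match is None:
            findings.append("no UID_AERole filter")
        else:
            if match.group(2).strip() == "":
                findings.append("empty UID_AERole value")
            if match.group(1) != "'" or match.group(3) != "'":
                findings.append("typographic quotes around UID_AERole value")
        results.append((user, findings))
    return results

if __name__ == "__main__":
    for user, findings in audit_usermappings(SAMPLE_CONFIG):
        print(user, "OK" if not findings else "; ".join(findings))
```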