Moving responsibilities
NOTE: This function is only available if the module Active Directory Module is installed.
 
In the System entitlements menu, you can move all owners of a role to a new owner role.
To change the product owner of an Active Directory.
- 
Open System entitlements and select the required Active Directory group. 
- 
Select Owner and click Move ownership. This opens Move ownership to new owner role with the note that a new owner role will be added. 
- 
Set Move all owners in the dialog if you want to move all owner to the new role. 
 
    Attestors
In System entitlements, you can change attestors at Active Directory groups.
But you can also create a new attestor or move responsibilities.
NOTE: Before you can assign a new attestor, you must add a new application role.
 
To assign an attestor to an Active Directory group
- 
Open System entitlements and select the required Active Directory group. 
- 
Select Attestors. 
- 
Perform one of the following tasks: 
- 
Click Change. 
- 
Select another attestor from the list. - OR - 
 
- 
Click New. 
- 
Enter a name for the new application role and a reason for creating it. 
- 
Select an attestor using the Assign link and the new application role using the Attestor link. 
 
 
    Usage
Roles are used to help manage assignments to employees. For example, instead of assigning many resources separately to an employee, you can add them to a role that inherits the proper assignments from a role class. A role class is the highest level, and roles can be nested in it. In Usage, you see all role members that can be a member of the selected entry. If you select a role class, you can view all the members with a role.
Information is displayed as a hierarchical chart, so you can drill in and see the role inheritance.
MOBILE: This function is not available in the mobile interface.
 
To view employee assignments of a role class
- 
Perform one of the following tasks: 
- 
Open System entitlements and select a system entitlement. 
- 
Open Business Roles and select a business role. 
- 
Open System Roles and select a system role. 
- 
Open Department and select a department. 
- 
Open Cost Center and select a cost center. 
- 
Open Locations and select a location. 
- 
Open One Identity Manager Applications and select the required application role. 
- 
Open Resources and select a resource. 
- 
Open Software and select a software application. 
 
- 
Select Usage. 
- 
Select a role class. This displays employee assignments for the selected role class. 
- 
Open the legend for the selected role class with More information. 
 
    Child groups
Some groups own group memberships. The Child groups view is only available for these groups. Not only do you have an overview of existing group memberships, you can also add them. For this, you assign a child group to the selected group. The following groups can, for example, own group memberships or allow assignment of child groups.
- 
Active Directory groups 
- 
LDAP groups 
- 
Notes groups 
- 
Custom target system 
In the following step-by-step, adding a group membership is described on the basis of an Active Directory group.
To assign a child group to a group
- 
Open System entitlements and select an Active Directory group. 
- 
Select Child groups and click New child group. 
- 
Select a child group using Assign and save it. The selected child group is displayed in Child groups.