Identity Manager 8.2 - Authorization and Authentication Guide

NOTE: Application roles are dependent on the target system and are contained in One Identity Manager modules. Application roles are not available until the modules are installed.

The following application roles are available for target system administration:

Table 11: Application roles for target systems
Application role	Tasks
Administrators	Target system administrators must be assigned to the Target systems \| Administrators application role. Users with this application role: Administer application roles for individual target system types. Specify the target system manager. Set up other application roles for target system managers if required. Specify which application roles for target system managers are mutually exclusive. Authorize other employees to be target system administrators. Do not assume any administrative tasks within the target system.
Target system managers	Target system managers must be assigned to the Target systems \| <target system> application role or a child application role. NOTE: There is at least one application role per target system for target system managers. This application role is available if the target system module is installed. Users with this application role: Assume administrative tasks for the target system. Create, change, or delete target system objects. Edit password policies for the target system. Prepare system entitlements to add to the IT Shop. Can add employees who have another identity than the Primary identity. Configure synchronization in the Synchronization Editor and define the mapping for comparing target systems and One Identity Manager. Edit the synchronization's target system types and outstanding objects. Authorize other employees within their area of responsibility as target system managers and create child application roles if required.
Target system managers for Unified Namespace	Target system managers must be assigned to the Target systems \| Unified Namespace application role or a child application role. Users with this application role: Obtain view of the objects in the connected target systems across all target systems. Can create reports across all target systems. If the users are also target system managers of the basic underlying target systems, you can manage these target systems through the Unified Namespace.

Application roles for Universal Cloud Interface

NOTE: Application roles are available if the Universal Cloud Interface Module is installed.

The following application roles are available for managing cloud systems.

Table 12: Application roles for Universal Cloud Interface
Application role	Tasks
Cloud administrators	Cloud administrators must be assigned to the Universal Cloud Interface \| Administrators application role or a child application role. Users with this application role: Manage application roles for the Universal Cloud Interface. Set up other application roles as required. Configure synchronization in the Synchronization Editor and define the mapping for comparing cloud applications and One Identity Manager. Edit cloud application in the Manager. Edit pending, manual provisioning processes in the Web Portal and obtain statistics. Obtain information about the cloud objects in the Web Portal and the Manager.
Cloud operators	The cloud operators must be assigned to the Universal Cloud Interface \| Operators application role or a child application role. Users with this application role: Edit pending, manual provisioning processes in the Web Portal and obtain statistics.
Cloud auditors	The cloud auditors must be assigned to the Universal Cloud Interface \| Auditors application role or a child application role. Users with this application role: Can view manual provisioning processes in the Web Portal and obtain statistics.

Application role for Privileged Account Governance

NOTE: This application role is available if the module Privileged Account Governance Module is installed.

Table 13: Application role for Privileged Account Governance
Application role	Description
Asset and account owners	Owners of privileged objects, such as PAM assets, PAM asset accounts, PAM directory accounts, PAM asset groups, and PAM account groups must be assigned to an application role under the Privileged Account Governance \| Asset and account owners application role. Users with this application role: Make decisions about requesting access requests for privileged objects. Attest the possible user access to these privileged objects.

Application roles for Application Governance

NOTE: This application role is available if the module Application Governance Module is installed.

Table 14: Application roles for Application Governance
Application role	Tasks
Administrators	Administrators must be assigned to the Application Governance \| Administrators application role. Users with this application role: Create new business applications in the Web Portal. Manage all business applications in the Web Portal.
Owner	The owners of business applications must be assigned to the Application Governance \| Owners application role. Users with this application role: Can edit business applications that they manage in the Web Portal.
Approver	Approvers must be assigned to the Application Goverance \| Approvers application role. Users with this application role: Approve requests for business application products.

제품을 선택하십시오.

더 나은 서비스 제공을 위해 채팅 목적을 작성해 주십시오.

문제에 대한 권장 솔루션

Identity Manager 8.2 - Authorization and Authentication Guide

Application roles for target systems

Application roles for Universal Cloud Interface

Application role for Privileged Account Governance

Application roles for Application Governance