Use this task to obtain an overview of the most important information about a group.
To obtain an overview of a group
In the Manager, select the Custom Target Systems > <target system> > Groups category.
Select the group in the result list.
Select the Group overview task.
Groups and system entitlements represent the objects used in the target system to control access to target system resources. A user account obtains the required permissions for accessing target system resources through its memberships in groups and system entitlements.
To create a system entitlement
In the Manager, select the Custom Target Systems > <target system> > System entitlements 1 category.
- OR -
In the Manager, select the Custom Target Systems > <target system> > System entitlements 2 category.
- OR -
In the Manager, select the Custom Target Systems > <target system> > System entitlements 3 category.
Click 
On the main data form, edit the system entitlement's main data.
To edit the main data of a system entitlement:
In the Manager, select the Custom Target Systems > <target system> > System entitlements 1 category.
- OR -
In the Manager, select the Custom Target Systems > <target system> > System entitlements 2 category.
- OR -
In the Manager, select the Custom Target Systems > <target system> > System entitlements 3 category.
Select the system entitlement in the result list.
Select the Change main data task.
On the main data form, edit the system entitlement's main data.
Enter the following main data for a system entitlement.
|
Property |
Description |
|---|---|
|
Name |
Name of the system entitlement. |
|
Canonical name |
The canonical name is generated automatically and should not be changed. |
|
System entitlement type |
Details of the system entitlement type. |
|
Distinguished name |
The distinguished name is determined using a template and must not be changed. |
|
Object GUID |
Unique ID used for managing the object in the target system. |
|
Display name |
The display name is used to display the system entitlement in the One Identity Manager tools' user interface. |
|
Target system |
Name of the target system. |
|
Container |
Container in which the system entitlement is added. |
|
Service item |
Service item for requesting the system entitlement through the IT Shop. |
|
Risk index |
Value for evaluating the risk of assigning the system entitlement to user accounts. Set a value in the range 0 to 1. This input field is only visible if the QER | CalculateRiskIndex configuration parameter is set. For more information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide. |
|
Category |
Category for inheriting system entitlements. User accounts can inherit system entitlements selectively. To do this, system entitlements and user accounts are divided into categories. Select one or more categories from the menu. |
|
Description |
Text field for additional explanation. |
|
IT Shop |
Specifies whether the system entitlement can be requested through the IT Shop. If this option is set, the system entitlement can be requested by the employees through the Web Portal and distributed with a defined approval process. The system entitlement can still be assigned directly to user accounts and hierarchical roles. |
|
Only for use in IT Shop |
Specifies whether the system entitlement can only be requested through the IT Shop. If this option is set, the system entitlement can be requested by the employees through the Web Portal and distributed with a defined approval process. Direct assignment of the system entitlement to hierarchical roles or user accounts is not permitted. |
|
Read-only memberships |
Specifies whether memberships are read-only. For example, dynamic groups. The memberships are regulated by the target system. Manual changes to memberships in One Identity Manager are not permitted. |
System entitlements can be members of other system entitlements. This means that the system entitlements can be hierarchically structured. You can only assign system entitlements of the same type and the same target system.
To assign system entitlements as members to a system entitlement
In the Manager, select the Custom Target Systems > <target system> > System entitlements 1 category.
- OR -
In the Manager, select the Custom Target Systems > <target system> > System entitlements 2 category.
- OR -
In the Manager, select the Custom Target Systems > <target system> > System entitlements 3 category.
Select the system entitlement in the result list.
Select the System entitlements 1 overview task, System entitlements 2 overview task, or System entitlements 3 overview task to match the selected system entitlement.
Select the Has members tab.
In the Add assignments pane, assign the child system entitlements.
TIP: In the Remove assignments pane, you can remove system entitlement assignments.
To remove an assignment
Select the system entitlement and double-click 
To add a system entitlement as a member to another system entitlement
In the Manager, select the Custom Target Systems > <target system> > System entitlements 1 category.
- OR -
In the Manager, select the Custom Target Systems > <target system> > System entitlements 2 category.
- OR -
In the Manager, select the Custom Target Systems > <target system> > System entitlements 3 category.
Select the system entitlement in the result list.
Select the System entitlements 1 overview task, System entitlements 2 overview task, or System entitlements 3 overview task to match the selected system entitlement.
Select the Is member of tab.
In the Add assignments pane, assign the parent system entitlements.
TIP: In the Remove assignments pane, you can remove system entitlement assignments.
To remove an assignment
Select the system entitlement and double-click
© ALL RIGHTS RESERVED. 이용 약관 개인정보 보호정책 Cookie Preference Center
