Program functions are part of the permission model in One Identity Manager. They allow you to enable and disable functionality. Program functions are not assigned to single users but to permissions groups. The set of program functions defined for a user is determined by their permissions groups and the program functions contained in them.
One Identity Manager tools can only be started if the user has the relevant program function permissions. Furthermore, some functions in the One Identity Manager tools are available only if the program functions are assigned to the current user. This includes data export from the Manager, calling the SQL Editor in the Designer or showing DBQueue Processor information in all programs, as examples.
Detailed information about this topic
To identify the program functions available to the current user:
-
To display user information, double-click the icon in the program status bar 
The Program functions tab shows the program functions that are available.
To assign a program function to permissions groups
-
In the Designer, select the Permissions > Program functions category.
-
Select the View > Select table relations menu item and enable the DialogGroupHasFeature table.
-
In the List Editor, select the program function.
-
Assign the permissions group in the Permissions groups edit view.
-
Select the Database > Save to database and click Save.
Related topics
The basic permissions for running scripts are granted to the logged in user by the Common_StartScripts program function.
If a script is assigned a program function (QBMScriptHasFeature table), users can only run this script if they have the necessary permissions groups. An error occurs if the user does not own this program function and tries to run it.
To control how a script is run using a program function
-
Create a new program function.
-
In the Designer, select the Permissions > Program functions category.
-
Select the Object > New menu item.
-
Enter the following information:
-
Program function: Name of the program function.
-
Description: Short description of the program function.
-
Function group: Property for grouping program functions.
-
Connect the program function with the scripts that the user are allowed to trigger.
-
In the Designer, select the Permissions > Program functions category.
-
Select the View > Select table relations menu item and enable the QBMScriptHasFeature table.
-
In the List Editor, select the newly created program function.
-
In the Scripts edit view, assign the scripts.
-
Assign the required program functions to the custom permissions group whose systems users will run these scripts.
-
In the Designer, select the Permissions > Program functions category.
-
Select the View > Select table relations menu item and enable the DialogGroupHasFeature table.
-
In the List Editor, select your newly created program function.
-
In the List Editor, use Ctrl + select to select your new program function and the Common_StartScripts program function.
-
Assign the permissions group in the Permissions groups edit view.
-
Select the Database > Save to database and click Save.
Related topics
