
Identity Manager 8.2 - Authorization and Authentication Guide


Permissions for tables and columns

In the Designer, you can edit permissions using the Permissions Editor. You can also simulate the permissions for the individual system users in the Permissions Editor.

With the Permissions Editor, you can:

  • Grant permissions for custom tables and custom columns to custom permissions groups

  • Grant permissions for predefined tables and predefined columns in the One Identity Manager schema to custom permissions groups

  • Grant permissions for custom tables and custom columns to predefined permissions groups

Permissions of predefined permissions groups for predefined tables and predefined columns of the One Identity Manager schema cannot be changed.

For custom schema extensions, use the Schema Extension program to specify permissions groups. You specify one permissions group that is given read and write permissions and one permissions group with read-only permissions. This makes initial access to the custom schema extensions possible with the One Identity Manager administration tools.


Displaying permissions of a permissions group

To display all permissions for a permissions group

  1. In the Designer, select the Permissions category.

  2. Start the Permissions Editor using the Edit permissions task.

  3. In the Permissions Editor toolbar in the Permissions group menu, select the permissions group whose permissions you want to display.

    The tables and columns of the One Identity Manager schema and the permissions of the selected permissions group are displayed in the upper area of the Permissions Editor. Use the following Permissions Editor options to adjust the layout.

    • To display tables with permissions first, enable the Options > Permissions sort order menu.

    • To display disabled tables and columns, enable the Options > Show disabled tables menu.

    • To use the display names of the tables and columns, enable the Options > Display name menu.

    • To limit the display of the tables, use the Show system tables, Show non-system tables, and Show all tables menu items in the Options menu. Alternatively, use the Define filter or Manage filters menu items to define your own user-defined filters for displaying the tables and columns.

      For more information about working with user-defined filters in the Designer, see One Identity Manager User Guide for One Identity Manager Tools User Interface.

Displaying permissions for tables

In the Permissions Editor, the Summary of all permissions view displays the permissions groups that have permissions for the selected column. The permissions in this view cannot be edited.

NOTE: To display the Summary of all permissions view, go to the Permissions Editor and enable the View > Object permissions menu. The view is displayed in the lower area of the Permissions Editor.

To display all permissions for a table and its columns

  1. In the Designer, select the table in the Permissions > By tables category.

  2. Start the Permissions Editor using the Edit permissions for table task.

    The Summary of all permissions view displays the permissions groups that have permissions for the selected table.

    TIP: To display a permissions filter completely, click a condition in the view.

  3. (Optional) To display all the column permissions, open the table entry in the upper part of the Permissions Editor and select a column.

    The Summary of all permissions view displays the permissions groups that have permissions for the selected column.

Editing table permissions

Use the table permissions to grant permissions to display, insert, edit, and delete the objects. You can define conditions to further limit the permissions for the objects. You can use the conditions, for example, to link the editability of the employees to their last names. For instance, users can be given read-only access to the employees whose last names begin with A-F, whereas they can edit employees with last names beginning with G-Z.

NOTE: Permissions are always edited in the Permissions Editor for the permissions group that you selected in the Permissions Editor toolbar in the Permissions group menu. If you wish to grant permissions for another permissions group, first select this permissions group in the menu and then edit the permissions.

To edit the table permissions for a permissions group

  1. In the Designer, select the Permissions category.

  2. Start the Permissions Editor using the Edit permissions task.

  3. In the Permissions Editor toolbar in the Permissions group menu, select the permissions group for which you want to grant the permissions.

  4. Select the table at the top of the Permissions Editor.

    TIP: Use Shift + select or Ctrl + select to select multiple tables.

  5. In the Permissions section, edit the permissions for the permissions group.

    • To insert new permissions, select the New context menu and enable the associated check boxes. Grant the following permissions:

      • Viewable: The table data is displayed.

      • Insertable: New data can be added to the table.

      • Editable: Table data can be edited.

      • Deletable: Table data can be deleted.

      NOTE: If you grant the Insertable, Editable, or Deletable permissions, the Viewable permission is also granted.

    • To withdraw permissions, disable the associated checkbox.

    • Use the Delete context menu to withdraw all permissions from a table.

  6. (Optional) To specify other conditions for table permissions, go to the lower part of the Permissions Editor and switch to the Group permissions for table view and select the Permissions filter tab.

    NOTE: You can only define permissions filters for the tables that map application data.

    • Enter the conditions as valid WHERE clauses for database queries. You can enter the following permissions filters.

      • Viewing Condition: Limiting condition for displaying data sets.

      • Edit condition: Limiting condition for editing data sets.

      • Insert condition: Limiting condition for inserting data sets.

      • Deletion condition: Limiting condition for deleting data sets.

      Example: Permissions filter

      A user should be able to see all employees, but only edit the employees whose last names begin with B. Specify the limiting edit condition as follows, for example:

      Lastname like 'B%'

      TIP: Use the SQL check button to test the condition. This checks the syntax. The number of objects that match the condition is returned.

  7. Select the Database > Save to database menu item and click Save.
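The permissions filters from step 6 can be tried out on sample data before they are saved. The following is an added example, not part of the One Identity documentation: it evaluates a viewing condition and an edit condition the way the SQL check does (syntax check plus match count) and lists rows where the two conditions disagree. Assumptions: SQLite stands in for the product database, the table name Person and the last names are constructed, and the function names are hypothetical.

```python
import sqlite3

# Constructed sample data. SQLite stands in for the product database and the
# table name Person is an assumption made for this example.
SAMPLE_LASTNAMES = ["Adams", "Baker", "Brown", "Fischer", "Garcia", "Miller", "Zhang"]

def build_sample_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Person (Lastname TEXT NOT NULL)")
    con.executemany("INSERT INTO Person VALUES (?)", [(n,) for n in SAMPLE_LASTNAMES])
    return con

def matching(con, condition):
    """Last names matched by a permissions filter (a WHERE clause typed by an administrator)."""
    sql = f"SELECT Lastname FROM Person WHERE {condition} ORDER BY Lastname"
    return [row[0] for row in con.execute(sql)]

def sql_check(con, condition):
    """Like the SQL check button: invalid syntax raises, else the match count is returned."""
    return len(matching(con, condition))

def review_filters(con, viewing, edit):
    """Split the sample rows by what a viewing/edit condition pair allows."""
    visible, editable = set(matching(con, viewing)), set(matching(con, edit))
    return {
        "read_only": sorted(visible - editable),
        "editable": sorted(visible & editable),
        # Matched by the edit condition but hidden by the viewing condition:
        # the two filters disagree, so the pair deserves a second look.
        "editable_not_visible": sorted(editable - visible),
    }

if __name__ == "__main__":
    con = build_sample_db()
    # Example from this section: see everyone ("1=1" stands for no viewing
    # restriction), edit only last names beginning with B.
    print(sql_check(con, "Lastname like 'B%'"))
    print(review_filters(con, "1=1", "Lastname like 'B%'"))
    # A-F read-only, G-Z editable. Comparison and LIKE case rules depend on
    # the database collation, so re-check such ranges on the real system.
    print(review_filters(con, "1=1", "Lastname >= 'G'"))
    # A pair that disagrees: the edit condition matches rows the viewer cannot see.
    print(review_filters(con, "Lastname like 'A%'", "Lastname like 'B%'"))
```
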
