You can use the Analyzer to create new business roles and assign identities directly to them or move identities and permissions into specific business roles.
To transfer changes to the One Identity Manager database
-
In the Analyzer, in the hierarchy mark the business roles you want to transfer.
Use the Insert and Recursive context menu items to do this. You can delete individual business roles from the data transfer using the Remove context menu item.
-
Select Database > Commit to database from menu to start the data transfer wizard and click Next to continue.
-
On the Save options page, you specify the following settings:
-
Role class: Select the role class under which the business roles will be created in the One Identity Manager database.
Click the button next to the menu to create a new role class.
-
Select the save options.
-
Delete existing objects in role class: This option deletes existing objects in the selected role class from the One Identity Manager database.
-
Business roles do not inherit: This option disables inheritance of assignments by business roles.
NOTE: Once you have checked the assignments, remove the Identities do not inherit option from the business roles. Use the Manager program to do this.
-
Delete direct assignments: This option removes direct permissions assignments to the identities’ user accounts.
CAUTION: Only set this option if you have ensured that the permissions are inherited by the identities through business roles. Otherwise this option results in a loss of permissions.
-
Attest new roles: New business roles must go through an attestation case.
NOTE: This function is only available if the Attestation Module is installed.
-
-
-
Click Finished to save the data.