Assigning system roles to business roles
NOTE: This function is only available if the Business Roles Module is installed.
Assign the system role to business roles so that the system role can be assigned to identities and workdesks through business roles.
To assign a system role to business roles
-
In the Manager, select the Entitlements > System roles category.
-
Select the system role in the result list.
-
Select the Assign business roles task.
-
In the Add assignments pane, select the role class and assign business roles.
TIP: In the Remove assignments pane, you can remove assigned business roles.
To remove an assignment
- Save the changes.
NOTE: In order for company resources assigned to the system role to be inherited by business roles, role classes must have the Direct assignments allowed option set. For more information about setting this option, see the One Identity Manager Business Roles Administration Guide.
Related topics
Adding system roles to the IT Shop
A system role can be requested by shop customers when it is assigned to an IT Shop shelf. There are other prerequisites to take into account so that a system role can be requested.
-
The system role have the IT Shop option set.
-
The system role must be assigned to a service item.
-
If the system role can only be assigned to identities using IT Shop requests, the system role must be also labeled with Only use in IT Shop. Then, the system role may no longer be assigned directly to hierarchical roles.
To add a system role to the IT Shop
-
In the Manager, select the Entitlements > System roles category.
-
Select the system role in the result list.
-
Select Add to IT Shop.
-
In the Add assignments pane, assign the system role to IT Shop shelves.
- Save the changes.
To remove a system role from individual IT Shop shelves
-
In the Manager, select the Entitlements > System roles category.
-
Select the system role in the result list.
-
Select the Add to IT Shop task.
-
In the Remove assignments pane, remove the system role from the IT Shop shelves.
- Save the changes.
To remove a system role from all IT Shop shelves
-
In the Manager, select the Entitlements > System roles category.
-
Select the system role in the result list.
-
Select the Remove from all shelves (IT Shop) task.
- Confirm the security prompt with Yes.
-
Click OK.
The system role is removed from all shelves by the One Identity Manager Service. All requests and assignment requests with this system role are canceled in the process.
For more information about the IT Shop, see the One Identity Manager IT Shop Administration Guide.
Related topics
Assigning system roles directly to identities
System roles can be assigned directly or indirectly to identities. Indirect assignment is carried out by allocating the identity and system roles in company structures, like departments, cost centers, locations, or business roles.
To react quickly to special requests, you can assign system roles directly to identities. The identities obtain all company resources assigned to the system role.
NOTE: If the system role is disabled or if the share date is still in the future, the company resources are not inherited.
To assign a system role directly to identities
-
In the Manager, select the Entitlements > System roles category.
-
Select the system role in the result list.
-
Select the Assign to identities task.
-
In the Add assignments pane, add identities.
TIP: In the Remove assignments pane, you can remove assigned identities.
To remove an assignment
- Save the changes.
Related topics
Assigning system roles directly to workdesks
System roles can be assigned directly or indirectly to a contact. Indirect assignment is carried out by allocating the workdesk and system roles in company structures, like departments, cost centers, locations, or business roles.
To react quickly to special requests, you can assign system roles directly to workdesks. The workdesks obtain all company resources assigned to the system role.
NOTE: The company resources are not inherited if the system role is disabled or if the share date is still in the future.
To assign a system role directly to workdesks
-
In the Manager, select the Entitlements > System roles category.
-
Select the system role in the result list.
-
Select the Assign workdesks task.
-
In the Add assignments pane, assign workdesks.
TIP: In the Remove assignments pane, you can remove assigned workdesks.
To remove an assignment
- Save the changes.
Related topics