By simulating the permissions in the Permissions Editor, you can see which permissions a system user has based on their permissions group. You can specify which permissions groups of a system user to include in the simulation. The result displayed shows which of the selected permissions groups has which table permissions and column permissions. Effective permissions for the system user are also displayed.
NOTE: Simulation mode remains active until you end it. In simulation mode, you can edit permissions group permissions and update simulation data.
To run a simulation:
- In the Designer, select the Permissions category.
- Start the Permissions Editor using the Edit translation in database task.
- From the Simulation > Start simulation menu, start the simulation wizard.
- On the start page of the wizard, click Next.
- On the Simulation base configuration page, select the following data.
  - User: Select the system user whose permissions you want to simulate.
  - Direct groups: Use this button to select all permissions groups that are directly assigned to the system user.
  - All groups: Use this button to select all permissions groups that are directly assigned to the system user as well as all permissions groups that the system user inherits indirectly.
  - Permissions groups: Select individual permissions groups directly. Use Ctrl + select to select multiple permissions groups.
- On the Simulation configuration page, specify the tables for which the permissions are simulated.
  - In the Selected tables pane, all tables of the One Identity Manager schema are selected. If necessary, limit the selection to individual tables. Click None to undo the selection. Use Shift + select to select individual tables.
  - Using the Context table menu, you can specify a table from which you can view the resulting implicit permissions for the display values of foreign key columns.
    Example: For the Employee table, viewing permissions have been assigned to the UID_Org column. As a result, viewing permissions are implicitly assigned to columns of the Org table that are used as a display template, for example, Org.Ident_Org.
    To simulate this example, select the Employee table under Context table and the Org table under Selected tables.
- The processing progress of the simulation is displayed on the Simulation page. The simulation process can take some time.
- To end the wizard, click Finish on the last page.
  After you complete the simulation wizard, the system user's effective table permissions and column permissions are displayed in the upper part of the Permissions Editor in the Simulation view.
- To determine which table permission or column permission results from which of the system user's permissions groups, select the table or column in the upper part of the Permissions Editor.
  The permissions and permissions groups are displayed in the Permissions simulation view in the lower part of the Permissions Editor.
- To end the simulation mode, select the Simulation > End simulation menu.
  The simulation data is deleted and the Permissions simulation view is closed.