Performing full synchronization through Catalog Page
The configuration parameter page_load_data_from_oneim_server_full_load is used for performing full synchronization on the page load. This parameter takes Boolean value (default value is false) and setting the value to true would perform a full sync.
NOTE: Full synchronization should not be performed on the catalog page since it will lead to significant performance degradation. Full synchronization should be done only through the job service described earlier. Full synchronization through catalog page should be used only for testing purposes.
Performing delta synchronization through Catalog Page
The configuration parameter page_load_data_from_oneim_server_delta_load is to configure delta synchronization on the catalog page. This parameter takes a Boolean value and setting the value to true would perform a delta synchronization if the catalog page full synchronization is not enabled.
Once the catalog page delta synchronization configuration parameter is configured, the additional delta synchronization configuration parameters delta_load_data_from_oneim_server_persons, delta_load_data_from_oneim_server_service_items also need to be configured to define which objects should be delta synchronized. These parameters have already been explained earlier.
Roles and Permissions
Details of the roles that are currently supported by the One Identity Manager for Service Catalog App are explained below.
-
x_oni_oneim_addon.admin – This is the One Identity Manager for Service Catalog App Administrator role. Just like the SysAdmin, these users can request service items for any user that has a matching identity record in One Identity Manager. It is the responsibility of the SysAdmin to assign this role to appropriate users. Users with this Role would be able to view the application in the application navigator and will have Read/Write access to all the application tables.
-
x_oni_oneim_addon.businessuser – This is the One Identity Manager for Service Catalog application business user role. These users can request service items only for themselves. All users synchronized into ServiceNow from One Identity Manager will be assigned to this role.
Schedule job OneIdentity Manager user permissions required
Currently we support DialogUser authentication module and following are the minimum permissions required for the system user:
Approver roles
Once an IT shop request is created, it follows the defined approval process. If manager approval is enabled in configuration parameters, the request is routed to the manager for approval. The manager needs an appropriate role such as the approver_user role, to be able to approve or reject the IT Shop request.