Chat now with support
Chat with Support

Identity Manager 8.1.5 - Web Portal User Guide

Getting started Security keys (WebAuthn) Requests Attestation Compliance Responsibilities
My responsibilities
Employees System entitlements Business roles System roles Departments Cost centers Locations Application roles Resources Assignment resources Multi-request resources Multi-requestable/unsubscribable resources Software Devices Adding tags for service items
Task delegation Ownerships Auditing Governance administration
Applications Calls Settings Discovering your statistics on the start page

Adding entitlements

NOTE: This function is only available if the module Identity Management Base Module, Business Roles Module or System Roles Module is installed.

Entitlements are items to which an employee belongs or is assigned, such as groups, accounts, roles, applications, and so on. You can add entitlements to organizations or roles for which you are responsible, and have the required access. The types of entitlements available depend on the systems in use in your company. When you add an entitlement, it is treated like a request, and you must process it using your cart. There are two ways for an employee to obtain entitlements.

  • By making a request which is approved.
  • Indirectly, by being assigned a role or belonging to an organization that has been assigned the entitlement.

NOTE: In order to set permissions for organizations, business, or system roles in the Requests menu, the appropriate settings have be made in the Manager.

To add entitlements

  1. Perform one of the following tasks:

    1. Open Business Roles and select a business role.

    2. Open the System Roles menu and select a system role.

    3. Open Department and select a department.

    4. Open Cost Center and select a cost center.

    5. Open Locations and select a location.

  2. Select Entitlements and click New.

  3. Select a type of entitlement and click Request.

    Your shopping cart appears. For more information, see Shopping cart.

Deleting entitlements

In the Entitlements view of a responsibility you can delete entitlements in the same manner.

To delete an entitlement

  1. Perform one of the following tasks:

    1. Open Business Roles and select a business role.

    2. Open the System Roles menu and select a system role.

    3. Open Department and select a department.

    4. Open Cost Center and select a cost center.

    5. Open Locations and select a location.

  2. Select Entitlements and click Remove entitlement.

Splitting a role

The original idea behind splitting a role is to take assignments from role A and transfer them to role B. An example of role splitting could be, if memberships assigned to role B have less entitlements as memberships assigned to role A.

By splitting role A assigned memberships and individual entitlements of role A can be retained, moved, or copied to role B.

Any combination of role types is allowed.

To split a role

  1. Perform one of the following tasks:

    • Open Business Roles and select a business role.

    • Open the System Roles menu and select a system role.

    • Open Department and select a department.

    • Open Cost Center and select a cost center.

    • Open Locations and select a location.

  2. Select Split.

    This opens a dialog. New role data is shown.

  3. Configure the following in New role data and click Next.

    Fields marked with * are compulsory.

    Table 54: Settings in the view "New role data"

    Role type

    Setting

    Description

    All

    Type of the new role

    Menu for selecting a type for the new role

    The following object types are available in the Web Portal.

    All

    Department / Business role / Cost center / Location *

    Field for the new role's name

    A name must be entered for every role type.

    All

    Short name

    Text box for entering a short name for the role.

    This is compulsory (*) for the role type 'cost center'.

    Department

    Object ID

    Field for an object ID for the new role

    Location / business role

    Location

    Field for entering a location

    Business role

    Internal name

    Field for an internal name for the business role

    Location

    Name

    Field for entering the location's name

    Department / Business role / Cost center / Location

    Manager

    Menu for selecting a manager responsible

    Department

    Deputy manager

    Menu for selecting a deputy manager

    Business role

    Role class *

    Role class menu

    Business role / Cost center / Location *

    Deputy manager

    Menu for selecting a deputy manager

     

    Employees do not inherit is also available.

    Department

    Parent department / Attestor / Cost center / Role approver / Role approver (IT)

    Menu for selecting the respective settings

    Business role

    Parent business role / Role type / Role approver / Role approver (IT)

    Menus for selecting the respective settings

    Cost center

    Parent cost center / Attestor / Department / Role approver / Role approver (IT)

    Menus for selecting the respective settings

    Location

    Parent location / Attestor / Department / Cost center /Role approver / Role approver (IT)

    Menus for selecting the respective settings

    All

    Description

    Field for more detailed description

    Business role

    Comment

    Field for additional comments

    After clicking Next, the Splitting view opens. The view is divided in to the sections No change, Copy to new role and Move to new role, which a differentiated by color.

    All memberships assigned to role A are listed in Copy to new role. Assigned members are copied to the new role by default. This means, they are contained in role A and in role B after splitting.

    However, You can copy or move these members to the new role or retain them. The following edit options are available. Edit option also apply to assigned entitlements.

    Table 55: Assignment edit options and effects on role A and role B

    Section

    Action

    Significance

    No change / Copy to new role / Move to new role

    Keep this assignment.

    The entitlement / membership remains in role A.

    Keep and copy to new role.

    The entitlement / membership is copied to role B. It is now in role A and in role B.

    Move to the new role.

    The entitlement / membership is moved to role B. It is now in role B but not in role A.

  4. Configure the assigned memberships and entitlements by navigating to an object, an employee in Copy to new role, for example, and clicking .

  5. Select one of the following actions from the menu:

    • Keep this assignment.

    • Keep and copy to new role.

    • Move to the new role.

  6. Click Next:

    The Verify view is displayed and lists the actions that are set.

  7. You can deselect individual actions if you do not want to run them all.

  8. Click Next.

    Save changes to the script. This opens Results.

  9. Close the dialog.

Compliance

In the My Responsibilities menu, you can view the business role compliance rule violations for which you are responsible.

To view compliance rule violations

  1. Open the Business Roles menu and select a business role.
  2. Click Compliance.

    This displays the Compliance view. If rule violations exist, they are listed.

    The following information appears:

    Table 56: The "Compliance" view

    Columns

    Description

    Permission

    Name of permissions that caused the rule violation.

    Rule

    Name of the rule that caused the rule violation.

    Risk index

    Shows the calculated risk index.

    Risk index (reduced)

    Shows the risk index reduced by the mitigating control.

    In the main content view, other details about the marked compliance rule violations are displayed, such as, a description and the object class.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating