Enter the following data for a system role.
Table 5: System role master data
Display name | Name for displaying the system role in One Identity Manager tools. |
System role | Unique identifier for the system role. |
Internal product name | An additional internal name for the system role. |
System role type | Specifies the type of company resources that make up the system role. |
Service item | To use the system role within the IT Shop, assign a service item to it or add a new service item. For more information about service items, see the One Identity Manager IT Shop Administration Guide. |
System role manager | Manager responsible for the system role. Assign any new employee. This employee can edit system role master data and can be used as an attestor for system role properties. If the system role can be requested in the IT Shop, the manager automatically becomes a member of the application role for product owners assigned to the service item. |
Share date | Specify a date for enabling the system role. If the date is in the future, the system role is considered to be disabled. If the date is reached, the system role is enabled. Employees inherit company resources that are assigned to the system role. If the share date is exceeded or no date is entered, the system role is handled as an enabled system role. Company resource inheritance can be controlled with the Disabled option in these cases. NOTE: Configure and enable the Share system roles schedule in the Designer to check the share date. For detailed information about schedules, see the One Identity Manager Operational Guide. |
Risk index (calculated) | Maximum risk index values for all company resources. The property is only visible if the QER | CalculateRiskIndex configuration parameter is enabled. For detailed information about calculating the risk index, see the One Identity Manager Risk Assessment Administration Guide. |
Comment | Text field for additional explanation. |
Remarks | Text field for additional explanation. |
Description | Text field for additional explanation. |
Deactivated | Specifies whether employees and workdesks inherit the company resources contained in the system role. If this option is set, the system role can be assigned to employees, workdesks, hierarchical roles, and IT Shop shelves. However, they cannot inherit the company resources contained in the system role. The system role cannot be requested in the Web Portal. If this option is not set, company resources assigned to the system role are inherited. If the option is enabled at a later date, existing assignments are removed. |
IT Shop | Specifies whether the system role can be requested through the IT Shop. This system role can be requested by staff through the Web Portal and the request granted by a defined approval procedure. The system role can still be assigned directly to employees and hierarchical roles. For detailed information about IT Shop, see the One Identity Manager IT Shop Administration Guide. |
Only for use in IT Shop | Specifies whether the system role can only be requested through the IT Shop. This system role can be requested by staff through the Web Portal and the request granted by a defined approval procedure. The system role may not be assigned directly to hierarchical roles. |
Spare field no. 01 ... Spare field no. 10 | Additional company-specific information. Use the Designer to customize display names, formats, and templates for the input fields. |
Assign the company resources that you want to group into one package to the system role. When you assign system roles to employees and workdesks, the company resources are inherited by the employees and workdesks.
NOTE: Company resources that have the Only use in IT Shop option set can only be assigned to system roles that also have this option set.
NOTE: Company resources are defined in the One Identity Manager modules and are not available until the modules are installed.
The following table lists the company resources you can assign to system roles.
Table 6: Possible assignments of company resources to system roles
Resources | always |
Account definitions | Target System Base Module |
Groups of custom target systems | Target System Base Module |
Active Directory groups | Active Directory Module |
SharePoint groups | SharePoint Module |
SharePoint roles | SharePoint Module |
LDAP groups | LDAP Module |
Notes groups | IBM Notes Module |
SAP groups | SAP R/3 User Management Module |
SAP profiles | SAP R/3 User Management Module |
SAP roles | SAP R/3 User Management Module |
Structural profiles | SAP R/3 Structural Profiles Add-on Module |
BI analysis authorizations | SAP R/3 Analysis Authorizations Add-on Module |
E-Business Suite permissions | Oracle E-Business Suite Module |
System roles | System Roles Module |
Subscribable reports | Report Subscription Module |
Software | Software Management Module |
Azure Active Directory groups | Azure Active Directory Module |
Azure Active Directory administrator roles | Azure Active Directory Module |
G Suite groups | G Suite Module |
G Suite products and SKUs | G Suite Module |
To add company resources to a system role
- Select the Entitlements | System Roles category.
- Select the system role in the result list.
- Select the task to assign the corresponding company resource.
- In the Add assignments pane, assign company resources.
  - OR -
  Remove the company resources in Remove assignments.
- Save the changes.
You can assign system roles directly or indirectly to employees or workdesks. In the case of indirect assignment, employees (workdesks) and system roles are grouped into hierarchical roles. The number of system roles assigned to an employee (or workdesk) is calculated from the position in the hierarchy and the direction of inheritance.
Prerequisites for indirect assignment to employees
- Assignment of employees and system roles is permitted for role classes (departments, cost centers, locations, or business roles).
Prerequisite for indirect assignment to workdesks
- Assignment of workdesks and system roles is permitted for role classes (departments, cost centers, locations, or business roles).
Add employees to a shop as customers so that system roles can be assigned through IT Shop requests. Customers can request all system roles that are assigned to this shop as products. Requested system roles are assigned to the employees after approval is granted.
NOTE: If the system role is disabled or if the share date is still in the future, the company resources are not inherited.
For more detailed information about the basic principles for assigning company resources, see the One Identity Manager Identity Management Base Module Administration Guide.
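The master data rules described above (share date, Disabled option, Only use in IT Shop, calculated risk index) can be checked offline during an entitlement review. The following is an added example, not One Identity Manager code; the record layout, field names, and sample data are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Hypothetical record layout for this example, not One Identity Manager schema names.
@dataclass
class Resource:
    name: str
    risk_index: float = 0.0
    only_it_shop: bool = False

@dataclass
class SystemRole:
    name: str
    share_date: Optional[date] = None
    disabled: bool = False
    only_it_shop: bool = False
    resources: list = field(default_factory=list)
    hierarchical_roles: list = field(default_factory=list)  # direct assignments

def is_enabled(role, today):
    # Future share date: treated as disabled. Reached or empty: the Disabled option decides.
    if role.share_date is not None and role.share_date > today:
        return False
    return not role.disabled

def inherited(role, today):
    return [r.name for r in role.resources] if is_enabled(role, today) else []

def risk_index(role):
    # Maximum over all company resources; 0.0 for an empty role is an assumption.
    return max((r.risk_index for r in role.resources), default=0.0)

def audit(role):
    findings = [f"{role.name}: {r.name} is IT Shop only, system role is not"
                for r in role.resources if r.only_it_shop and not role.only_it_shop]
    if role.only_it_shop and role.hierarchical_roles:
        findings.append(f"{role.name}: IT Shop only, but directly assigned to hierarchical roles")
    return findings

# Constructed sample data.
TODAY = date(2024, 6, 1)
VPN, ADMIN = Resource("VPN group", 0.3), Resource("Admin group", 0.8, only_it_shop=True)
ROLES = [
    SystemRole("Standard workplace", resources=[VPN]),
    SystemRole("Future rollout", share_date=date(2024, 7, 1), resources=[VPN, ADMIN]),
    SystemRole("Privileged ops", only_it_shop=True, resources=[ADMIN], hierarchical_roles=["Dept IT"]),
]
```

Running `audit` over every role before a change window surfaces assignments that conflict with the IT Shop restrictions, and `inherited` shows which roles actually grant resources on a given date.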