Chat now with support
Chat with Support

Identity Manager 8.1.5 - Administration Guide for Connecting Unix-Based Target Systems

Managing Unix-based systems Setting up synchronization with a Unix-based target system Basic data for Unix-based target systems Unix host Unix user accounts Unix groups Reports about Unix objects Configuration parameters for managing a Unix environment Default project template for Unix-based target systems

Unix groups

In the Unix host, user accounts can be gathered into groups that can be used to regulate access to resources. Local groups are loaded into One Identity Manager by synchronization. You can set up new groups or to edit already existing groups.

To add users to groups, you assign the groups directly to users. This can be assignments of groups to departments, cost centers, locations, business roles, or the IT Shop.

Detailed information about this topic

Entering master data for Unix groups

To edit group master data

  1. In the Manager, select the Unix | Groups category.

  2. Select the group in the result list and run the Change master data task.

  3. On the master data form, edit the master data for the group.

  4. Save the changes.
Detailed information about this topic

General master data for a Unix group

Enter the following data on the General tab.

Table 29: General master data
Property Description

Group name

Name of the group.

Group ID

Group's identifier.

Host

Group's host.

IT Shop

Specifies whether the group can be requested through the IT Shop. If this option is set, the group can be requested by the employees through the Web Portal and distributed with a defined approval process. The group can still be assigned directly to hierarchical roles.

Only for use in IT Shop

Specifies whether the group can only be requested through the IT Shop. If this option is set, the group can be requested by the employees through the Web Portal and distributed with a defined approval process. Direct assignment of the group to hierarchical roles or user accounts is not permitted.

Service item

Service item data for requesting the group through the IT Shop.

Risk index

Value for evaluating the risk of assigning the group to user accounts. Enter a value between 0 and 1. This input field is only visible if the QER | CalculateRiskIndex configuration parameter is activated.

For more detailed information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide.

Category

 Categories for group inheritance. Groups can be selectively inherited by user accounts. To do this, groups and user accounts are divided into categories. Select one or more categories from the menu.
Related topics

Assigning Unix groups to Unix user accounts

Groups can be assigned directly or indirectly to user accounts. In the case of indirect assignment, employees, and groups are assigned to hierarchical roles, such as , departments, cost centers, locations, or business roles. The groups assigned to an employee are calculated from the position in the hierarchy and the direction of inheritance.

If you add an employee to roles and that employee owns a user account, the user account is added to the groups. Prerequisites for the indirect assignment of employees to user accounts:

  • Assignment of employees and groups is permitted for role classes (departments, cost centers, locations, or business roles).
  • User accounts are marked with the Groups can be inherited option.

Groups can also be assigned to employees through IT Shop requests. So that groups can be assigned using IT Shop requests, employees are added to a shop as customers. All groups are assigned to this shop can be requested by the customers. Requested groups are assigned to the employees after approval is granted.

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating