The password policy is used for logging in to with a system user. This password policy defined the settings for the system user passwords (DialogUser.Password and Person.DialogUserPassword) as well as the passcode for a one time log in on the Web Portal (Person.Passcode).
If necessary, adjust the password policy to your requirements in the Designer. For detailed information about editing password policies, see One Identity Manager Operational Guide.
NOTE: The password policy is marked as the default policy. This password policy is applied if no other password policy can be found for employees, user accounts or system users.
To prevent passwords expiring for service accounts, for example, in the Designer, you can enable the Password never expires (DialogUser.PasswordNeverExpires) option for the respective system users.
Related topics
Add the system users to permissions groups, thereby granting permissions for the tables and columns of the One Identity Manager schema and make the user interface available.
NOTE:
-
You cannot add system users to role-based permissions groups. Dynamic system users are calculated for role-based login.
-
Administrative system users are automatically added to all non role-based permissions groups.
-
The QBM_BaseRights permissions group defines the base rights that are required for a system user to log in to the One Identity Manager tools. This permissions group is always assigned implicitly.
-
The viadmin system user has all of the specified permissions and the complete user interface. The system user implicitly receives the authorizations and user interface parts of the custom permissions groups.
A system user's memberships in permissions groups are displayed in the Designer in the User & Permissions Group Editor. Use the Options > Display permissions group inheritance menu to specify whether to display the direct and inherited memberships of permissions groups for a system user.
Figure 2: Memberships of a system user in permissions groups
Table 25: Meaning of icons in the hierarchical display
|
The selected system user is not assigned to this permissions group. |
|
The selected system user is assigned to this permissions group. |
|
The selected system user is indirectly assigned to this permissions group. |
|
The selected system user is directly and indirectly assigned to this permissions group. |
To assign a system user to a permissions group
-
In the Designer, select the Permissions > System user category.
-
Select a system user and start the User & Permissions Group Editor with the Edit system user task.
-
In the hierarchical view, select the permission group. By clicking on the icon, you add or delete the selected system user to or from a permissions group.
-
Select the Database > Save to database and click Save.
TIP: To assign a system user to several permissions groups, use the User > Permissions groups menu.
Related topics
Employees obtain a system user direct through their main data or dynamically through their One Identity Manager applications roles.
To display which employees are assigned to a system user
-
In the Designer, select the Permissions > System user category.
-
Select a system user and start the User & Permissions Group Editor with the Edit system user task.
-
Select the View > One Identity Manager employees menu item.
NOTE: You cannot change the assignments in this view.