Chat now with support
Chat with Support

Active Roles 7.6.3 - Administration Guide

Introduction About Active Roles Getting Started Rule-based Administrative Views Role-based Administration
Access Templates as administrative roles Access Template management tasks Examples of use Deployment considerations Windows claims-based Access Rules
Rule-based AutoProvisioning and Deprovisioning
About Policy Objects Policy Object management tasks Policy configuration tasks
Property Generation and Validation User Logon Name Generation Group Membership AutoProvisioning E-mail Alias Generation Exchange Mailbox AutoProvisioning AutoProvisioning for SaaS products OneDrive Provisioning Home Folder AutoProvisioning Script Execution Office 365 and Azure Tenant Selection User Account Deprovisioning Office 365 Licenses Retention Group Membership Removal Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Relocation User Account Permanent Deletion Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Notification Distribution Report Distribution
Deployment considerations Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Container Deletion Prevention policy Picture management rules Policy extensions
Workflows
Understanding workflow Workflow activities overview Configuring a workflow
Creating a workflow definition Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Example: Approval workflow E-mail based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic Groups Active Roles Reporting Management History
Understanding Management History Management History configuration Viewing change history
Workflow activity report sections Policy report items Active Roles internal policy report items
Examining user activity
Entitlement Profile Recycle Bin AD LDS Data Management One Identity Starling Management Managing One Identity Starling Connect Configuring linked mailboxes with Exchange Resource Forest Management Configuring remote mailboxes for on-premises users Azure AD, Office 365, and Exchange Online management
Configuring Active Roles to manage hybrid AD objects Managing Hybrid AD Users Unified provisioning policy for Azure O365 Tenant Selection, Office 365 License Selection, and Office 365 Roles Selection, and OneDrive provisioning Office 365 roles management for hybrid environment users Managing Office 365 Contacts Managing Hybrid AD Groups Managing Office 365 Groups Managing Azure Security Groups Managing cloud-only distribution groups Managing cloud-only Azure users Managing cloud-only Azure guest users Managing cloud-only Azure contacts Changes to Active Roles policies for cloud-only Azure objects Managing room mailboxes Managing cloud-only shared mailboxes
Managing Configuration of Active Roles
Connecting to the Administration Service Adding and removing managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server Replication Using regular expressions Administrative Template Communication ports Active Roles and supported Azure environments Active Roles integration with other One Identity and Quest products Active Roles integration with Duo Active Roles integration with Okta Active Roles Diagnostic Tools Active Roles Add-on Manager

Steps for modifying permissions in an Access Template

To modify a permission entry in an Access Template

  1. In the console tree, under Configuration | Access Templates, locate and select the folder that contains the Access Template you want to modify.
  2. In the details pane, right-click the Access Template, and click Properties.
  3. On the Permissions tab, select the permission entry you want to modify, click View/Edit, and then use the tabs in the Modify Permission Entry dialog box to make changes to the permission entry.

For detailed instructions on how to view or modify a permission entry in an Access Template, see Steps for creating an Access Template earlier in this document.

NOTE: '

  • The Permissions tab in the Properties dialog box lists the permission entries that are configured in the Access Template. You can use the Permissions tab to add, modify, or delete permission entries from the Access Template.
  • The options on the Permissions tab in the Modify Permission Entry dialog box are read-only. If you need to choose a different option for the permission entry, you should delete the permission entry and then add a new permission entry with the option you need. For instructions, see Steps for adding permissions to an Access TemplateSteps for adding permissions to an Access Template.
  • Once an Access Template is applied within Active Roles to determine permission settings in the directory, any changes to the list of permission entries in the Access Template causes the permission settings in the directory to change accordingly.
  • Active Roles includes a suite of pre-defined Access Templates. The permission entries in a pre-defined Access Template cannot be modified. If you need to modify a permission entry in a pre-defined Access Template, create a copy of that Access Template, and then make changes to the copy. For instructions, see Steps for copying an Access Template.

Steps for removing permissions from an Access Template

To delete a permission entry from an Access Template

  1. In the console tree, under Configuration | Access Templates, locate and select the folder that contains the Access Template you want to modify.
  2. In the details pane, right-click the Access Template, and click Properties.
  3. On the Permissions tab, select the permission entry you want to delete, click Remove, and then click Yes to confirm the deletion.

NOTE:

  • The Permissions tab lists the permission entries that are configured in the Access Template. You can use the Permissions tab to add, modify, or delete permission entries from the Access Template.
  • Once an Access Template is applied within Active Roles to determine permission settings in the directory, any changes to the list of permission entries in the Access Template causes the permission settings in the directory to change accordingly.
  • Active Roles includes a suite of pre-defined Access Templates. Permission entries cannot be deleted from a pre-defined Access Template. If you need to modify the list of permission entries found in a pre-defined Access Template, create a copy of that Access Template, and then make changes to the copy. For instructions, see Steps for copying an Access Template.

Nesting Access Templates

Active Roles makes it possible to define permissions in an Access Template by including (nesting) other Access Templates. This reduces the work required if you need to create a new Access Template that is similar to an existing one. Instead of modifying an existing Template to add new permissions, you can nest it into a new Access Template.

This feature simplifies Access Template management by re-using the existing preconfigured or custom Access Templates. For example, if you need to add permissions to the pre-defined Help Desk Access Template, you can create a new Access Template, nest the Help Desk Access Template into the new Access Template, and add permissions to the new Access Template as needed.

To nest Access Templates to a given Access Template, use the Nesting tab in the Properties dialog box for that Access Template.

The Nesting tab lists all Access Templates that are included (nested) in the selected Access Template, similar to the following figure:

Figure 34: Nesting Access templates

Each entry in the list provides the following information:

  • Name  The name of the nested Access Template.
  • In Folder  Path to the container that holds the nested Access Template.

You can manage the list on the Nesting tab by using the button beneath the list:

  • Add  Click this button to select Access Templates you want to nest into the Access Template being administered.
  • Remove  Select Access Templates from the list and click this button to remove them from the Access Template being administered.
  • View/Edit  Select an Access Template from the list and click this button to view or modify the selected Access Template.

From the Nesting tab, you can also access the following information:

  • All Permissions  Displays all permissions in the Access Template, including those that come from the nested Access Templates.
  • Nested In  Displays a list of Access Templates in which the Access Template is included due to nesting.

Steps for managing nested Access Templates

To configure an Access Template to include another Access Template

  1. In the console tree, under Configuration | Access Templates, locate and select the folder that contains the Access Template you want to configure.
  2. In the details pane, right-click the Access Template, and click Properties.
  3. On the Nesting tab, click Add, and then select the Access Template you want to be included in the Access Template you are configuring.

NOTE:

  • Configuring an Access Template to include another Access Template is referred to as nesting. The Nesting tab provides a list of Access Templates that are nested into the Access Template. You can add Access Templates to the list or remove Access Templates from the list.
  • Nesting an Access Template into a target Access Template causes the list of permission entries in the target Access Template to be extended with the permission entries of the nested Access Template. Thus, if Access Template A is nested into Access Template B, all the permission entries found in Access Template A are added to the list of permission entries in Access Template B.
  • You can view a consolidated list of permission entries for the Access Template: On the Nesting tab, click All Permissions. The list includes both the permission entries that are configured in the Access Template and the permission entries found in each Access Template that is nested into the Access Template. Note that the Permissions tab in the Properties dialog box lists only those permission entries that are configured in the Access Template. The permission entries that are inherited from other Access Templates by reason of nesting are not listed on the Permissions tab.
  • You can view the Access Templates into which the selected Access Template is nested: On the Nesting tab, click Nested In. Double-clicking items in the Nested In list opens the Properties dialog box for each of the Access Templates that the selected Access Template is nested into.
  • Nesting allows you to reuse the existing pre-defined or custom Access Templates. For example, if you need to add permission entries to the pre-defined Access Template Help Desk, then you can create a new Access Template, nest the Help Desk Access Template into the newly created Access Template, and add permission entries to the new Access Template as needed.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating