Administrator roles are loaded into One Identity Manager by synchronization. You can edit individual master data of administrator roles but cannot create new administrator roles in One Identity Manager.
To edit the master data of an administrator role
|
Property |
Description |
|---|---|
|
Display name |
The display name is used to display the administrator role in the One Identity Manager tool's user interface. |
| Tenant |
The administrator role's tenant. |
|
Template ID. |
ID of the administrator role template on which this administrator role was based. |
|
IT Shop |
Specifies whether the administrator role can be requested through the IT Shop. The administrator role can be ordered by its employees over the Web Portal and distributed using a defined approval process. The administrator role can still be assigned directly to user accounts and hierarchical roles. |
|
Only for use in IT Shop |
Specifies whether the administration role can only be requested through the IT Shop. The administrator role can be ordered by its employees over the Web Portal and distributed using a defined approval process. You cannot assign an administrator role directly to a hierarchical role. |
|
Service item |
Specifies a service item for using to request the administrator role through the IT Shop. |
|
Risk index |
Value for assessing the rich of assigning administrator roles to user accounts. Enter a value between 0 and 1. This property is only visible if the configuration parameter "QER\CalculateRiskIndex" is set. For more detailed information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide. |
|
Category |
Categories for inheriting administrator roles. Administrator roles can be selectively inherited by user accounts. To do this, administrator roles and user accounts are divided into categories. Use the menu to allocate one or more categories to the administrator role. |
|
Description |
Spare text box for additional explanation. |
Administrator roles can be assigned directly or indirectly to user accounts. In the case of indirect assignment, employees and administrator roles are assigned to hierarchical roles, such as, departments, cost centers, locations or business roles. The administrator roles assigned to an employee are calculated from the position in the hierarchy and the direction of inheritance.
If you add an employee to roles and that employee owns a user account, the user account is added to the administrator roles. Prerequisites for indirect assignment of employees to user accounts:
Furthermore, administrator roles can be assigned to employees through IT Shop requests. Add employees to a shop as customers so that administrator roles can be assigned through IT Shop requests. All administrator roles assigned as products to this shop, can be requested by the customers. Requested administrator roles are assigned to the employees after approval is granted.
By assigning administrator roles to departments, cost centers or locations, you enable the group to be assigned to user accounts through these organizations.
To assign an administrator role to departments, cost centers or locations (non role-based login)
Assign organizations in Add assignments.
- OR -
Remove the organizations from Remove assignments.
To assign administrator roles to departments, cost centers or locations (role-based login)
- OR -
Select the category Organizations | Cost centers.
- OR -
Select the category Organizations | Locations.
- OR -
Remove administrator roles in Remove assignments.
| Installed Modules: | Business Roles Module |
By assigning administrator roles to business roles, the administrator role can be assigned to user accounts through these business roles.
To assign an administrator role to business roles (non role-based login)
Assign business roles in Add assignments.
- OR -
Remove business roles from Remove assignments.
To assign administrator roles to a business role (non role-based login)
- OR -
Remove administrator roles in Remove assignments.
© 2020 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy
