After you have entered the master data, you can apply different tasks to it. The task view contains different forms with which you can run the following tasks.
Use this task to obtain an overview of the most important information about a group.
To obtain an overview of a group
Use this task to add a group to another group.
To assign groups directly to a group
- OR -
Remove assignments to groups in Remove assignments.
|Configuration parameter||Active Meaning|
Preprocessor relevant configuration parameter for controlling effectiveness of group memberships. If the parameter is set, memberships can be reduced on the basis of exclusion definitions. The database has to be recompiled after changes have been made to the parameter.
When groups are assigned to user accounts an employee may obtain two or more groups, which are not permitted in this combination. To prevent this, you can declare mutually exclusive groups. To do this, you specify which of the two groups should apply to the user accounts if both are assigned.
It is possible to assign an excluded group directly, indirectly or by IT Shop request at any time. One Identity Manager determines whether the assignment is effective.
The effect of the assignments is mapped in the tables
Clara Harris has a user account in this
By using suitable controls, you want to prevent an employee from
|Effective Group||Excluded Group|
|Group B||Group A|
|Group C||Group B|
|Employee||Member in Role||Effective Group|
|Ben King||Marketing||Group A|
|Jan Bloggs||Marketing, finance||Group B|
|Clara Harris||Marketing, finance, control group||Group C|
|Jenny Basset||Marketing, control group||Group A, Group C|
Only the group C assignment is in effect for Clara Harris. It is published in the target system. If Clara Harris leaves the business role "control group" at a later date, group B also takes effect.
The groups A and C are in effect for Jenny Basset because the groups are not defined as mutually exclusive.
|Employee||Member in Role||Assigned Group||Excluded Group||Effective Group|
|Control group||Group C||Group B
|NOTE: Groups, which are mutually exclusive, are determined within a target system type independently of the target system. The features must be taken into account in the definition of exclusion.|
To exclude a group
- OR -
Remove the conflicting groups that are no longer mutually exclusive in Remove assignments.