In One Identity Manager,
Every user account can be assigned to one or more categories. Each group can also be assigned to one or more categories. The group is inherited by the user account when at least one user account category item matches an assigned group. The group is also inherited by the user account if the group or the user account is not put into categories.
|NOTE: Inheritance through categories is only taken into account when groups are assigned indirectly through hierarchical roles. Categories are not taken into account when groups are directly assigned to user accounts.|
|Category Position||Categories for User Accounts||Categories for Groups|
|1||Default user||Default permissions|
|2||System user||System user permissions|
|3||System administrator||System administrator permissions|
Figure 1: Example of inheriting through categories.
To use inheritance through categories
Extended properties are meta objects that cannot be mapped directly in the One Identity Manager, for example, operating codes, cost codes or cost accounting areas.
To specify extended properties for a group
Assign extended properties in Add assignments.
The view- OR -
Remove extended properties from Remove assignments.
For more detailed information about using extended properties, see the One Identity Manager Identity Management Base Module Administration Guide.
Use this task to assign permissions controls to groups.
To assign permissions controls to a group
- OR -
Double-click on the permissions controls in Remove assignments to remove their assignments.
Use permissions controls to map more properties of the target systems. To do this, you can import the data you want into the One Identity Manager from the connected target system. You can also add permissions controls in the One Identity Manager.
To edit permissions controls
- OR -
Click in the result list toolbar.