Assigning Permissions Controls to Groups
Assigning Permissions Controls to Groups
Use this task to assign a permissions control directly to groups.
To assign groups to a permissions control
- Select the category Custom target systems | <target system> | Permissions controls.
- Select the permissions control in the result list.
- Select Assign groups in the task view.
-
Assign groups in Add assignments.
The view- OR -
Remove groups from Remove assignments.
- Save the changes.
Reports about Custom Target Systems
Reports about Custom Target Systems
One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for custom target systems.
|
|
NOTE: Other sections may be available depending on the which modules are installed. |
| Report | Description |
|---|---|
|
Overview of all assignments (target system) |
This report finds all roles containing employees with at least one user account in the selected target system. |
|
Overview of all assignments (container) |
This report finds all roles containing employees with at least one user account in the selected container. |
|
Overview of all assignments (group) |
This report finds all roles containing employees with the selected group. |
|
Show orphaned user accounts |
This report shows all user accounts in the target system which are not assigned an employee. |
|
Show employees with multiple user accounts |
This report shows all employees with more than one user account in the target system. |
|
Show unused user accounts |
This report shows all user accounts in the target system that have not been used in the last few months. |
|
Show entitlement drifts |
This report shows all target system groups, which are the result of manual operations in the target system rather than provisioned through One Identity Manager. |
|
Show user accounts with an above average number of system entitlements |
This report contains all user accounts in the target system with an above average number of group memberships. |
Related Topics
Overview of all Assignments
Overview of all Assignments
The report "Overview of all Assignments" is displayed for certain objects, for example, permissions, compliance rules or roles. The report finds all the roles, for example, departments, cost centers, locations, business roles and IT Shop structures in which there are employee who own the selected base object. In this case, direct as well as indirect base object assignments are included.
Example
- If the report is created for a resource, all roles are determined in which there are employees with this resource.
- If the report is created for a group, all roles are determined in which there are employees with this group.
- If the report is created for a compliance rule, all roles are determined in which there are employees with this compliance rule.
- If the report is created for a department, all roles are determined in which employees of the selected department are also members.
- If the report is created for a business role, all roles are determined in which employees of the selected business role are also members.
To display detailed information about assignments
- To display the report, select the base object from the navigation or the result list and select the report Overview of all assignments.
- Use the
Used by button in the report's toolbar to select the role class (department, location, business role or IT Shop structure) for which you determine if roles exist in which there are employees with the selected base object.
All the roles of the selected role class are shown. The color coding of elements identifies the role in which there are employees with the selected base object. The meaning of the report control elements is explained in a separate legend. In the report's toolbar, click
to open the legend.
- Double-click a control to show all child roles belonging to the selected role.
- By clicking the
button in a role's control, you display all employees in the role with the base object.
- Use the small arrow next to
Figure 2: Toolbar for Report "Overview of all assignments"
| Icon | Meaning |
|---|---|
| |
Show the legend with the meaning of the report control elements |
 |
Saves the current report view as a graphic. |
| |
Selects the role class used to generate the report. |
|
|
Displays all roles or only the affected roles. |
Appendix: Configuration Parameters for Managing Custom Target Systems
Appendix: Configuration Parameters for Managing Custom Target Systems
The following configuration parameters are additionally available in One Identity Manager after the module has been installed.
| Configuration parameter | Meaning |
|---|---|
| TargetSystem\UNS | Preprocessor relevant configuration parameter to control the component parts for the managing custom target systems. If the parameter is set, the target system components are available. Changes to the parameter require recompiling the database. |
| TargetSystem\UNS\Accounts | This configuration parameter permits configuration of user account data. |
|
TargetSystem\UNS\Accounts\ |
This configuration parameter specifies whether a random generated password is issued when a new user account is added. It must contain at least those character sets set in the configuration subparameters. |
|
TargetSystem\UNS\Accounts\ |
This configuration parameter specifies to which employee the email with the random generated password should be sent (manager cost center/department/location/business role, employee’s manager or XUserInserted). If no recipient can be found, the password is sent to the address stored in the configuration parameter "TargetSystem\UNS\DefaultAddress". |
|
TargetSystem\UNS\Accounts\ |
This configuration parameter contains the name of the mail template sent to inform users about their initial login data (name of the user account). Use the mail template "Employee - new account created". |
|
TargetSystem\UNS\Accounts\ |
This configuration parameter contains the name of the mail template sent to inform users about their initial login data (initial password). Use the mail template "Employee - initial password for new user account". |
|
TargetSystem\UNS\Accounts\ |
This configuration parameter contains the mail template used to send notifications if default IT operating data mapping values are used for automatically creating a user account. Use the mail template "Employee - new user account with default properties created". |
| TargetSystem\UNS\CreateNewRoot | The configuration parameter specifies whether new target systems can be added. If this parameter is set, custom target systems can be added. |
| TargetSystem\UNS\DefaultAddress | The configuration parameter contains the recipient's default email address for sending notifications about actions in the target system. |
| TargetSystem\UNS\PersonAutoDefault | This configuration parameter specifies the mode for automatic employee assignment for user accounts added to or updated in the database through synchronization. |
| TargetSystem\UNS\PersonAutoDisabledAccounts | This configuration parameters specifies whether employees are automatically assigned to disable user accounts. User accounts do not obtain an account definition. |
| TargetSystem\UNS\PersonAutoFullSync | This configuration parameter specifies the mode for automatic employee assignment for user accounts added to or updated in the database through synchronization. |
| TargetSystem\UNS\PersonExcludeList | List of all user accounts for which automatic employee assignment should not take place. Names given in a pipe (|) delimited list that is handled as a regular search pattern.
Example: ADMINISTRATOR|GUEST|KRBTGT|TSINTERNETUSER|IUSR_.*|IWAM_.*|SUPPORT_.*|.*\$ |