Users, mail-in databases, groups and servers can be grouped together into Notes groups. IBM Notes divides groups into different group types. The groups type specifies the group’s intended purpose and whether the group is visible in the Domino Directory.
To edit group master data
- OR -
Click in the result list toolbar.
|Configuration parameter||Active Meaning|
|QER\CalculateRiskIndex||Preprocessor relevant configuration parameter controlling system components for calculating an employee's risk index. Changes to the parameter require recompiling the database.
If the parameter is set, values can be entered and calculated for the risk index.
Enter the following data for groups.
|Group||Name of the group.|
|Display name||Display name of the group.|
|Notes domain||Domain in which the group is managed.|
|Group type||Purpose of the group. The group type defines the visibility of the group in the Domino directory.
Applicable group types are:
|Parent Notes group||Unique identifier of the dynamic group to which the extension group belongs. This property is maintained for all extension groups in a dynamic group.|
|Service item||Service item data for requesting the group through the IT Shop.|
|Internet address||Internet email address of the group.|
|Notes category||Categorizes the group further. To create a new Notes category, click .|
Value for evaluating the risk of assigning the group to user accounts. Enter a value between 0 and 1. This property is only visible when the configuration parameter QER\CalculateRiskIndex is set.
For more detailed information, see the One Identity Manager Risk Assessment Administration Guide.
|Notes category||Categories for group inheritance. Groups can be selectively inherited by user accounts. To do this, groups and user accounts are divided into categories. Use this menu to allocate one or more categories to the group.
For more detailed information, see the One Identity Manager Target SystemAn instance of a target system in which the employees managed by One Identity Manager have access to network resources. Example: An Active Directory domain X for target system type "Active Directory", a directory Y for target system type "LDAP", a client Z for target system type "SAP R/3". Base Module Administration Guide.
|Import dynamic members||Method for specifying members of a dynamic group. Select "Home server" if the group members are determined dynamically from the home server members. Excluded and additional lists are synchronized for this group. Select "none" if the group is not dynamic.|
|Description||Spare text box for additional explanation.|
|Allow foreign directory synchronization||Specifies whether the information about this group can be forwarded to a foreign directory.|
|Locked group||Specifies whether the group is set as a denied access group.|
Specifies whether the group can be requested through the IT Shop. This group can be requested by staff through the Web Portal and granted through a defined approval process. The group can still be assigned directly to hierarchical roles.
The option cannot be set if the group is a dynamic group.
For more detailed information, see the One Identity Manager IT Shop Administration Guide.
|Only for use in IT Shop||
Specifies whether the group can only be requested through the IT Shop. This group can be requested by staff through the Web Portal and granted through a defined approval process. The group may not be assigned directly to hierarchical roles.
|Dynamic group||Specifies whether this is a dynamic group. This option is set depending on the setting of property "Import dynamic members".|
Groups can be assigned directly or indirectly to employees. In the case of indirect assignment, employees and groups are arranged in hierarchical roles. The number of groups assigned to an employee is calculated from the position in the hierarchy and the direction of inheritance. If you add an employee to hierarchical roles and that employee owns a user account, this user account is added to the group. Prerequisites for indirect assignment of employees to user accounts:
Furthermore, groups can be assigned to employees through IT Shop requests. Add employees to a shop as customers so that groups can be assigned through IT Shop requests. All groups are assigned to this shop can be requested by the customers. Requested groups are assigned to the employees after approval is granted.
For more detailed information about inheriting company resources, see the One Identity Manager Identity Management Base Module Administration Guide.
Assign groups to departments, cost centers and locations in order to assign user accounts to them through these organizations. This task is not available for dynamic groups.
To assign a group to departments, cost centers or locations (non role-based login)
Assign organizations in Add assignments.
- OR -
Remove the organizations from Remove assignments.
To assign groups to a department, cost center or location (role-based login)
- OR -
Select the category Organizations | Cost centers.
- OR -
Select the category Organizations | Locations.
- OR -
Remove assignments to groups in Remove assignments.