In One Identity Manager,
Every user account can be assigned to one or more categories. Each group can also be assigned to one or more categories. The group is inherited by the user account when at least one user account category item matches an assigned group. The group is also inherited by the user account if the group or the user account is not put into categories.
|
NOTE: Inheritance through categories is only taken into account when groups are assigned indirectly through hierarchical roles. Categories are not taken into account when groups are directly assigned to user accounts. |
Category Position | Categories for User Accounts | Categories for Groups |
---|---|---|
1 | Default user | Default permissions |
2 | System user | System user permissions |
3 | System administrator | System administrator permissions |
Figure 2: Example of inheriting through categories.
To use inheritance through categories
Extended properties are meta objects that cannot be mapped directly in the One Identity Manager, for example, operating codes, cost codes or cost accounting areas.
To specify extended properties for a group
Assign extended properties in Add assignments.
The view- OR -
Remove extended properties from Remove assignments.
For more detailed information about using extended properties, see the One Identity Manager Identity Management Base Module Administration Guide.
To delete a group
The group is deleted completely from the One Identity Manager database and from Unix.
One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for Unix-based target systems.
|
NOTE: Other sections may be available depending on the which modules are installed. |
Report |
Description |
---|---|
Overview of all Assignments |
This report finds all roles containing employees with at least one user account in the selected host system. |
Show orphaned user accounts |
This report shows all host's user accounts, which are not assigned to an employee. The report contains group memberships and risk assessment. |
Show employees with multiple user accounts |
This report shows all employees with more than one user account in the host. The report is a risk assessment. |
Show unused user accounts |
This report shows all user accounts in the host, which have not been used in the last few months. The report contains group memberships and risk assessment. |
Show entitlement drifts |
This report shows all host's groups that are the result of manual operations in the target system rather than using One Identity Manager. |
Show user accounts with an above average number of system entitlements |
This report contains all the host's user accounts with an above average number of group memberships. |
Unix user account and group administration |
This report contains a summary of user account and group distribution in all host systems. You can find this report in the category My One Identity Manager. |
Data quality summary for Unix user accounts |
This report contains different evaluations of user account data quality in all host systems. You can find this report in the category My One Identity Manager. |
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy