Identity Manager 8.0 - Administration Guide for Connecting Unix-Based Target Systems

Unix Group Inheritance Based on Categories

In One Identity Manager, groups can be selectively inherited by user accounts. For this, groups and user accounts are divided into categories. The categories can be freely selected and are specified by a template. Each category is given a specific position within the template. The template contains two tables: the user account table and the group table. Use the user account table to specify categories for target system dependent user accounts. Enter your categories for the target system dependent groups, administrative roles, subscriptions and disabled service plans in the group table. Each table contains the category items "Position1" to "Position31".

Every user account can be assigned to one or more categories. Each group can also be assigned to one or more categories. The group is inherited by the user account when at least one category item of the user account matches a category item assigned to the group. The group is also inherited by the user account if either the group or the user account is not assigned to any category.

NOTE: Inheritance through categories is only taken into account when groups are assigned indirectly through hierarchical roles. Categories are not taken into account when groups are directly assigned to user accounts.

Table 40: Category Examples

| Category Position | Categories for User Accounts | Categories for Groups |
|---|---|---|
| 1 | Default user | Default permissions |
| 2 | System user | System user permissions |
| 3 | System administrator | System administrator permissions |

Figure 2: Example of inheriting through categories.

To use inheritance through categories

  • Define the categories in the host environment.
  • Assign categories to user accounts through their master data.
  • Assign categories to groups through their master data.
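
The inheritance rule above, modelled as an added example (not One Identity Manager code). It assumes category positions 1 to 31 are packed into a bitmask; the group names, role contents and function names are constructed for illustration. The last function lists role-assigned groups without a category, which every account in the role inherits.

```python
# Added illustration; a model of the rule described in this section,
# not the product's implementation. All names below are hypothetical.
MAX_POSITION = 31  # the template offers Position1 .. Position31

def to_mask(positions):
    """Pack category positions into a bitmask; 0 means 'no category'."""
    mask = 0
    for p in positions:
        if not 1 <= p <= MAX_POSITION:
            raise ValueError(f"category position out of range: {p}")
        mask |= 1 << (p - 1)
    return mask

def inherits(account_mask, group_mask):
    """Indirect assignment: inherit if either side is uncategorized
    or at least one category position is shared."""
    if account_mask == 0 or group_mask == 0:
        return True
    return (account_mask & group_mask) != 0

def effective_groups(account_positions, direct, via_roles, group_positions):
    """Return {group: reason}. Direct assignments ignore categories."""
    acct = to_mask(account_positions)
    result = {g: "direct" for g in direct}
    for g in via_roles:
        if g in result:
            continue
        gmask = to_mask(group_positions.get(g, ()))
        if inherits(acct, gmask):
            matched = acct != 0 and gmask != 0
            result[g] = "category match" if matched else "uncategorized"
    return result

def uncategorized_role_groups(via_roles, group_positions):
    """Role-assigned groups with no category: inherited by every account."""
    return sorted(g for g in via_roles if not group_positions.get(g))

# Constructed sample data following Table 40 (1 = default, 2 = system user,
# 3 = system administrator).
GROUP_CATEGORIES = {"staff": [1], "sysops": [2], "wheel": [3], "backup": []}
ROLE_GROUPS = ["staff", "sysops", "wheel", "backup"]

if __name__ == "__main__":
    print(effective_groups([1, 2], [], ROLE_GROUPS, GROUP_CATEGORIES))
    print(effective_groups([1], ["wheel"], ROLE_GROUPS, GROUP_CATEGORIES))
    print(uncategorized_role_groups(ROLE_GROUPS, GROUP_CATEGORIES))
```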

Assigning Extended Properties to an Unix Group

Extended properties are meta objects that cannot be mapped directly in One Identity Manager, for example, operating codes, cost codes or cost accounting areas.

To specify extended properties for a group

  1. Select the category Unix | Groups.
  2. Select the group in the result list.
  3. Select Assign extended properties in the task view.
  4. Assign extended properties in Add assignments.

    - OR -

    Remove extended properties from Remove assignments.

  5. Save the changes.

For more detailed information about using extended properties, see the One Identity Manager Identity Management Base Module Administration Guide.

Deleting Unix Groups

To delete a group

  1. Select the category Unix | Groups.
  2. Select the group in the result list.
  3. Delete the group using .
  4. Confirm the security prompt with Yes.

The group is deleted completely from the One Identity Manager database and from Unix.

Reports about Unix Objects

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for Unix-based target systems.

NOTE: Other sections may be available depending on which modules are installed.

Table 41: Reports for the Target System

| Report | Description |
|---|---|
| Overview of all Assignments | This report finds all roles containing employees with at least one user account in the selected host system. |
| Show orphaned user accounts | This report shows all of the host's user accounts that are not assigned to an employee. The report contains group memberships and risk assessment. |
| Show employees with multiple user accounts | This report shows all employees with more than one user account in the host. The report is a risk assessment. |
| Show unused user accounts | This report shows all user accounts in the host that have not been used in the last few months. The report contains group memberships and risk assessment. |
| Show entitlement drifts | This report shows all of the host's groups that are the result of manual operations in the target system rather than using One Identity Manager. |
| Show user accounts with an above average number of system entitlements | This report contains all of the host's user accounts with an above average number of group memberships. |
| Unix user account and group administration | This report contains a summary of user account and group distribution in all host systems. You can find this report in the category My One Identity Manager. |
| Data quality summary for Unix user accounts | This report contains different evaluations of user account data quality in all host systems. You can find this report in the category My One Identity Manager. |
