The following configuration parameters are additionally available in One Identity Manager after the module has been installed.
|Software||This configuration parameter specifies whether application management is supported.|
|Application||Preprocessor parameter to control the model parts for application administration. If the parameter is active, application administration items are available. Changes to the parameter require recompiling the database.|
An employee can directly obtain applications. Furthermore, employees inherit (and pass on) all applications from all the roles of which they are members (table PersonIn<BaseTree>) as well as the applications of all the roles that are referenced over a foreign key relationship (table Person, column UID_<BaseTree>). Direct and indirect assignments of system roles to employees are mapped in the table PersonHasApp.
A workdesk can directly obtain applications. Furthermore a workdesk inherits (and passes inheritance onto) all applications from all the roles of which it is a member (table WorkdeskIn<BaseTree>) as well as the applications of all the roles that are referenced over a foreign key relationship (table WorkDesk, column UID_<BaseTree>). Direct and indirect assignments of applications to workdesks are mapped in the table WorkdeskhasApp.
Assignments of roles to application are stored in the <BaseTree>HasApp table. Applications can also be inherited through system roles.
Figure 1: Inheritance when Assigning Applications Directly to Employees
Figure 2: Inheritance with Indirect Secondary assignment of Applications to Employees
Figure 3: Inheritance with Indirect Primary Assignment of Applications to Employees