Define Inheritance Exclusion for Application Roles
Define Inheritance Exclusion for Application Roles
It is possible that employees cannot own certain system roles at the same time. Thus, for example, exception approvers for rule violations may not be rule supervisors at the same time. You can specify mutually exclusive (conflicting) application roles to achieve this behavior. Then you cannot assign these application roles to the same person anymore.
|
|
NOTE: Only system roles, which are defined directly as conflicting application roles cannot be assigned to the same employee. Definitions made on parent or child application roles do not effect the assignment. |
To define conflicting application roles
- Set the configuration parameter "QER\Structures\ExcludeStructures" in the Designer and compile the database.
To define conflicting application roles
- Select the category One Identity Manager administration.
- Select a category in the navigation view.
- Select the application role in the result list for which you want to define conflicting application roles.
- Select Edit conflicting application roles in the task view.
- Assign the application roles that are mutually exclusive to the selected application role in Add assignments.
- OR -
Remove the application roles that are no longer mutually exclusive in Remove assignments.
- Save the changes.
Assign subscribable reports
|
|
NOTE: This function is only available if the Report Subscription Module is installed. |
Use this task to assign subscribable reports to selected application roles. All employee in this application role can subscribe to reports in the Web Portal.
|
|
NOTE: This task is only available if the application roles (or a parent application role) is assigned to a permissions group. |
|
|
NOTE: You cannot assign subscribable reports to the application roles Base roles | Employee managers, Base roles | Everyone (Lookup) and Base roles | Everyone (Change). |
- Select the category One Identity Manager administration.
- Select a category in the navigation view.
- Select an application role in the result list.
- Select Assign subscribable reports in the task view.
- Assign reports in Add assignments.
- OR -
Remove the reports in Remove assignments.
- Save the changes.
For more detailed information about report subscriptions, see the One Identity Manager Report Subscriptions Administration Guide.
Assign Extended Properties to Application Roles
Extended properties are meta objects that cannot be mapped directly in the One Identity Manager, for example, operating codes, cost codes or cost accounting areas.
To specify extended properties for an application role
- Select the category One Identity Manager administration.
- Select a category in the navigation view.
- Select an application role in the result list.
- Select Assign extended properties in the task view.
-
Assign extended properties in Add assignments.
The view- OR -
Remove extended properties from Remove assignments.
- Save the changes.
For more detailed information about using extended properties, see the One Identity Manager Identity Management Base Module Administration Guide.
Reports about Application Roles
One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for application roles.
| Report | Description |
|---|---|
| Overview of all Assignments | This report finds all the roles in which employees from the selected application roles are also members. |
| Show historical memberships |
This report lists all members of the selected application role and the length of their membership. |