To change the program settings
Setting | Meaning | ||||||
---|---|---|---|---|---|---|---|
Automatically close analysis information window on completion |
If this option is set and analyses are predefined, the information window is closed after analysis. If the option is not set, the information window is shown. Close the window using the Finished button. | ||||||
Show permissions weighting |
Set this option to also display a weighting for the permissions. | ||||||
Role naming template |
Define a template for role names. This is used when to format new role names in predefined analysis methods. The template support following variables:
|
To start analyzing with the Analyzer
Analysis Methods | Description | ||
---|---|---|---|
Use the wizard to select analysis data |
The output is collected with a wizard. For more information, see Selecting Analysis Data with the Wizard. | ||
Active Directory Employee Permissions |
Permissions are analyzed of all employees with Active Directory group memberships. For more information, see Predefined Analyzes.
| ||
Active Directory Employee Permissions and Departments |
Permissions are analyzed of all employees with Active Directory group memberships. Departments with Active Directory groups are also included in the analysis. For more information, see Predefined Analyzes.
|
Before you start the analysis, you collect your initial data. The Analyzer accesses all permissions information in its own database and creates a mapping table with employees and their permissions. The result can be suggestions for single roles from analyzing a single application but also cross-system roles from analyzing permissions in several systems.
To select initial data
Employees can be selected through the organization and business roles contained in One Identity Manager.
The employees assigned to this structure are displayed in the Employees list. Use the Show directly/indirectly assigned employees buttons in the title bar to filter the employees.
Icon | Meaning |
---|---|
Show indirectly assigned employees. | |
Show directly assigned employees | |
Show employees from child nodes |
You define a condition which is used to find the employees in the database. The wizard helps you to formulate a condition (where clause) for database queries. The complete database query is composed internally. The database query references the table "Person". For more information about using the wizard, see .One Identity Manager User Guide for One Identity Manager Tools User Interface and Default Functions
The list displays all the employees in the One Identity Manager database. Use SHIFT + SELECTION or CTRL + SELECTION to select several employees for analysis.
Load an existing configuration. Select the template file and click Open.
Analysis Methods | Description |
---|---|
Simple cluster analysis/Complex cluster analysis |
Permissions are grouped with new business roles using cluster analysis methods and assigned employees. The Analyzer supports role mining through two different cluster analysis methods, which differ in the way they calculate the distances between clusters. |
Decision hierarchy |
Permissions are grouped into new business roles in a decision hierarchy and employees are assigned to it. The number of group members is taken as the decision criteria. |
Structure assignment |
You may use existing role structure, for example, organizational structures from ERP systems. The use of existing structures, for example, organizational structure from ERP systems, is possible. |
Permissions analysis |
Employees are analyzed with the help of permissions analysis. Business roles are freely defined and assignments of permissions and employees are evaluated manually based on the existing permissions. |
This loads the data and starts the analysis. The results of the analysis are subsequently displayed. For more information, see Analysis Evaluation.
|
NOTE: Analysis methods are made available when the Active Directory Module is present. |
The following predefined analyses are provided:
Permissions are analyzed of all employees with Active Directory group memberships.
Permissions are analyzed of all employees with Active Directory group memberships. Departments with Active Directory groups are also included in the analysis.
To start predefined analysis
This loads the analysis data and starts analysis immediately. This may take some time, depending on the amount of data.
Analysis data is displayed depending on the program settings. Click Expand... to see detailed information. Click Finish to close the dialog box. The results of the analysis are subsequently displayed. For more information, see Analysis Evaluation.
© 2023 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy