
Identity Manager 8.0 - Business Roles Administration Guide


Customizing Program Settings

To change the program settings

  • Select Database | Settings... from the menu.
Table 20: Program Settings
Setting Meaning

Automatically close analysis information window on completion

If this option is set and analyses are predefined, the information window is closed after analysis. If the option is not set, the information window is shown. Close the window using the Finished button.

Show permissions weighting

Set this option to also display a weighting for the permissions.

Role naming template

Define a template for role names. The template is used to format new role names in predefined analysis methods. The template supports the following variables:


Sequential number


Name of first object in cluster


Name of first property in cluster

Running an Analysis

To start analyzing with the Analyzer

Selecting Analysis Data with the Wizard

Before you start the analysis, you collect your initial data. The Analyzer accesses all permissions information in its own database and creates a mapping table with employees and their permissions. The results can be suggestions for single roles from analyzing a single application, or cross-system roles from analyzing permissions in several systems.

To select initial data

  1. Select Select data with wizard on the Analyzer’s start screen.
  2. Click Start.
  3. Specify an employee group to analyze. Select one of the following selection methods.
    • Structures

      Employees can be selected through the organization and business roles contained in One Identity Manager.

      1. Select the selection method Structures.
      2. Click Next.
      3. Select the organization or business role to analyze in the Structures list.

        The employees assigned to this structure are displayed in the Employees list. Use the Show directly/indirectly assigned employees buttons in the title bar to filter the employees.

        Table 22: Icons for filtering the Employee List
        Icon Meaning
        Show indirectly assigned employees.
        Show directly assigned employees
        Show employees from child nodes
      4. Click Next.
    • Filter wizard

      You define a condition which is used to find the employees in the database. The wizard helps you to formulate a condition (where clause) for database queries. The complete database query is composed internally. The database query references the table "Person". For more information about using the wizard, see the One Identity Manager User Guide for One Identity Manager Tools User Interface and Default Functions.

    • Menu

      The list displays all the employees in the One Identity Manager database. Use SHIFT + SELECTION or CTRL + SELECTION to select several employees for analysis.

    • Load wizard template

      Load an existing configuration. Select the template file and click Open.

  4. Click Next.
  5. Select the target system whose user accounts and permissions will be included in the analysis. Use CTRL + SELECT to multi-select target systems.
  6. Click Next.
  7. Specify the analysis methods. The following methods are available.
    Table 23: Analysis Method
    Analysis Methods Description

    Simple cluster analysis/Complex cluster analysis

    Permissions are grouped into new business roles using cluster analysis methods, and employees are assigned to them.

    The Analyzer supports role mining through two different cluster analysis methods, which differ in the way they calculate the distances between clusters.

    Decision hierarchy

    Permissions are grouped into new business roles in a decision hierarchy and employees are assigned to them. The number of group members is taken as the decision criterion.

    Structure assignment

    You may use existing role structures, for example, organizational structures from ERP systems.

    Permissions analysis

    Employees are analyzed with the help of permissions analysis. Business roles are freely defined and assignments of permissions and employees are evaluated manually based on the existing permissions.

  8. Click Next.
  9. (Optional) To reuse the configuration at a later time, set the option Save configuration as template. Select the directory path for saving the file using the file browser and click Save.
  10. Click Finish to start the analysis.

    This loads the data and starts the analysis. The results of the analysis are subsequently displayed. For more information, see Analysis Evaluation.

  11. Create new business roles if required and assign employees to them. Add the suggested changes to the One Identity Manager database. For more information, see Transferring Changes.
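
The idea behind the two cluster analysis methods in step 7, sketched as an added example that is not One Identity's code or algorithm. It assumes Jaccard distance between permission sets and single versus complete linkage as the two ways of calculating the distance between clusters; the sample mapping table, function names and name-template placeholders are constructed for illustration.

```python
from itertools import combinations

# Constructed sample mapping table: employee -> permissions (e.g. AD groups).
ASSIGNMENTS = {
    "alice": {"fin_read", "fin_post", "vpn"},
    "bob": {"fin_read", "fin_post", "vpn"},
    "carol": {"fin_read", "vpn", "hr_read"},
    "dave": {"hr_read", "hr_edit", "vpn"},
    "erin": {"hr_read", "hr_edit"},
}

def jaccard_distance(a, b):
    """0.0 for identical permission sets, 1.0 for disjoint ones."""
    union = a | b
    return 1 - len(a & b) / len(union) if union else 0.0

def cluster_distance(c1, c2, data, linkage):
    """Assumed linkage rules: closest pair (single) or farthest pair (complete)."""
    dists = [jaccard_distance(data[x], data[y]) for x in c1 for y in c2]
    return min(dists) if linkage == "single" else max(dists)

def mine_roles(data, linkage="complete", max_distance=0.5,
               name_template="Role {seq} ({first})"):  # hypothetical placeholders
    """Merge the closest clusters until none are within max_distance."""
    clusters = [[e] for e in sorted(data)]
    while len(clusters) > 1:
        d, i, j = min(
            (cluster_distance(clusters[i], clusters[j], data, linkage), i, j)
            for i, j in combinations(range(len(clusters)), 2)
        )
        if d > max_distance:
            break
        clusters[i].extend(clusters.pop(j))  # j > i, so index i stays valid
    roles = []
    for seq, members in enumerate(clusters, 1):
        # The suggested role carries only permissions every member already holds.
        common = set.intersection(*(data[m] for m in members))
        roles.append({
            "name": name_template.format(seq=seq, first=members[0]),
            "members": sorted(members),
            "permissions": sorted(common),
        })
    return roles

if __name__ == "__main__":
    for linkage in ("single", "complete"):
        print(linkage, mine_roles(ASSIGNMENTS, linkage))
```

On this sample, complete linkage suggests a finance-like and an HR-like role, while single linkage chains all five employees into one cluster with no shared permissions. Checking that every suggested role keeps a non-empty common permission set is a useful review step before transferring changes.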

Predefined Analyses

NOTE: Analysis methods are made available when the Active Directory Module is present.

The following predefined analyses are provided:

  • Active Directory Employee Permissions

    The permissions of all employees with Active Directory group memberships are analyzed.

  • Active Directory Employee Permissions and Departments

    The permissions of all employees with Active Directory group memberships are analyzed. Departments with Active Directory groups are also included in the analysis.

To start predefined analysis

  1. Select Active Directory Employee Permissions or Active Directory Employee Permissions and Departments on the Analyzer home tab.
  2. Click Start.

    This loads the analysis data and starts analysis immediately. This may take some time, depending on the amount of data.

    Analysis data is displayed depending on the program settings. Click Expand... to see detailed information. Click Finish to close the dialog box. The results of the analysis are subsequently displayed. For more information, see Analysis Evaluation.
