
Identity Manager 8.0 - Configuration Guide


Example of a Simple System User Assignment

All employees should be able to see the user interface for an IT Shop in a web front-end, without taking table and column permissions into account.

To do this, you set up a new application, for example, "WebShop_Customer", and change the configuration data as follows:

    <DialogUserDetect>
      <Usermappings>
        <Usermapping
          DialogUser = "dlg_all"
        />
      </Usermappings>
    </DialogUserDetect>

Add a new permissions group "WebShop_Customer", which contains the user interface for the application, consisting of menu items, user interface forms and task definitions. The user interface could consist of the following menu items:

  • Employee contact data
  • Request a product
  • Cancel a product

Define a new system user "dlg_all" and add it to the permissions groups "vi_CentralPwd", "vi_ITShopOrder" and "WebShop_Customer".


Example of a System User Assignment using Selection Criteria

The scenario described in the previous example is extended such that only the cost center manager can see an employee’s leaving date. You need to add the input field LeavingDate to the contact data form to do this.

Permissions are used for controlling viewing and editing. Define a new system user "dlg_kst" and add it to the permissions groups "vi_CentralPwd", "vi_ITShopOrder" and "WebShop_Customer". You should also give the system user read and write access to the column Person.Exitdate.

Change the application configuration data so that cost center managers use the system user "dlg_kst" to log in. All other employees use the system user "dlg_all" to log in.

Change the configuration data as follows:

    <DialogUserDetect>
      <Usermappings>
        <Usermapping
          DialogUser = "dlg_kst"
          Selection = "select 1 where %uid% in (select uid_personhead from profitcenter)"
        />
        <Usermapping
          DialogUser = "dlg_all"
        />
      </Usermappings>
    </DialogUserDetect>


Example of a Function Group Assignment

To assign function groups to permissions groups, you have to define two database views. The first database view shows the assignment of employees to function groups. It contains two columns, UID_Person and FunctionGroup.

Example:

    create view custom_Person2Fu as
      select uid_personHead as UID_Person, 'Cost center manager' as FunctionGroup
      from Profitcenter
      where isnull(uid_personHead, '') > ' '
      union all
      select uid_personHead, 'Department manager' as FunctionGroup
      from Department
      where isnull(uid_personHead, '') > ' '

The second database view assigns function groups to permissions groups. It contains two columns, FunctionGroup and DialogGroup.

Example:

    create view custom_Fu2D as
      select 'Cost center manager' as FunctionGroup, 'Custom_Dialoggroup_ChefP' as DialogGroup
      union all select 'Department manager', 'Custom_Dialoggroup_ChefD'

Set up the permissions groups with the desired user interface and the necessary permissions. Define the system users corresponding to the number of permissions groups required. The number of system user accounts necessary is 2^(number of permissions groups) - 1, that is, one for each non-empty combination of permissions groups; the two permissions groups in this example need three system users. Assign the system users directly to the permissions groups.

Table 47: Extracts from the table "DialogUserInGroup"

    Group name                UserName
    Custom_Dialoggroup_ChefP  CustomUserP
    Custom_Dialoggroup_ChefP  CustomUserPD
    Custom_Dialoggroup_ChefD  CustomUserPD
    Custom_Dialoggroup_ChefD  CustomUserD

Change the configuration data for assigning function groups to permissions groups as follows:

    <DialogUserDetect>
      <FunctionGroupMapping
        PersonToFunction = "custom_Person2Fu"
        FunctionToGroup = "custom_Fu2D"
      />
    </DialogUserDetect>
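
The following added example (not part of the original guide and not One Identity code) rebuilds the two views and the Table 47 rows in an in-memory SQLite database, resolves each employee to a system user, and lists any combination of permissions groups that has no system user, which is the gap the 2^n - 1 rule is meant to prevent. It assumes that the system user chosen is the one whose permissions groups exactly equal the groups derived for the employee; the employee IDs (anna, bert, carl) and all Python function names are constructed for illustration.

```python
import sqlite3
from itertools import combinations

# Constructed sample rows; view and group names are the page's. ifnull() is
# SQLite's spelling of the isnull() used in the page's SQL Server views.
SCHEMA = """
create table Profitcenter (uid_personHead text);
create table Department (uid_personHead text);
create table DialogUserInGroup (GroupName text, UserName text);
create view custom_Person2Fu as
  select uid_personHead as UID_Person, 'Cost center manager' as FunctionGroup
  from Profitcenter where ifnull(uid_personHead, '') > ' '
  union all
  select uid_personHead, 'Department manager'
  from Department where ifnull(uid_personHead, '') > ' ';
create view custom_Fu2D as
  select 'Cost center manager' as FunctionGroup, 'Custom_Dialoggroup_ChefP' as DialogGroup
  union all select 'Department manager', 'Custom_Dialoggroup_ChefD';
insert into Profitcenter values ('anna'), ('anna'), ('carl'), (null);
insert into Department values ('bert'), ('carl'), ('');
insert into DialogUserInGroup values
  ('Custom_Dialoggroup_ChefP', 'CustomUserP'), ('Custom_Dialoggroup_ChefP', 'CustomUserPD'),
  ('Custom_Dialoggroup_ChefD', 'CustomUserPD'), ('Custom_Dialoggroup_ChefD', 'CustomUserD');
"""

def build():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def users_by_groupset(db):
    # Exact set of permissions groups -> the system user holding precisely that set.
    q = "select UserName, group_concat(GroupName) from DialogUserInGroup group by UserName"
    return {frozenset(groups.split(",")): user for user, groups in db.execute(q)}

def resolve(db):
    # Assumed rule: a person gets the system user whose groups equal the person's.
    q = ("select p.UID_Person, group_concat(f.DialogGroup) from custom_Person2Fu p "
         "join custom_Fu2D f on f.FunctionGroup = p.FunctionGroup group by p.UID_Person")
    by_set = users_by_groupset(db)
    return {p: by_set.get(frozenset(g.split(","))) for p, g in db.execute(q)}

def missing_combinations(db):
    # The 2^n - 1 check: non-empty group combinations that no system user covers.
    groups = sorted({g for (g,) in db.execute("select DialogGroup from custom_Fu2D")})
    by_set = users_by_groupset(db)
    return [c for r in range(1, len(groups) + 1)
            for c in combinations(groups, r) if frozenset(c) not in by_set]
```

An employee who resolves to `None` holds a combination of function groups for which no system user was defined; `missing_combinations` reports such gaps before anyone logs in.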


Database Connection Data

The One Identity Manager database connection data is set up by the initial schema installation. This information is also accessed when tasks are generated for the One Identity Manager Service.

NOTE: Changes to the data are not usually necessary and should only be made by advanced users.

To change the connection parameter

  1. Select the category Base Data | General | Databases in the Designer.
  2. Select the database in the List Editor.
  3. Select Define connection string for database <database name> in the task view.
  4. Enter the database connection data.
    Table 48: SQL Server Database Connection Data

    Data                    Description
    Server                  Database server.
    Windows authentication  Specifies whether Windows authentication is used. This type of authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication.
    User                    Database user.
    Password                Database user password.
    Database                Database.

    Table 49: Oracle Database Connection Data

    Data                                   Description
    Direct access (without Oracle client)  Set this option for direct access. Deactivate this option for access via Oracle Clients. Which connection data is required depends on how this option is set.
    Server                                 Database server.
    Port                                   Oracle instance port.
    Service name                           Service name.
    User                                   Oracle database user.
    Password                               Database user password.
    Data source                            TNS alias name from TNSNames.ora.
  5. Click OK.