All employees should be able to see the user interface for an IT Shop in a web front-end, without taking table and column permissions into account.
To do this, you set up a new application, for example, "WebShop_Customer", and change the configuration data as follows:
<DialogUserDetect>
<Usermappings>
<Usermapping
DialogUser = "dlg_all"
/>
</Usermappings>
</DialogUserDetect>
Add a new permissions group "WebShop_Customer", which contains the user interface for the application, consisting of menu items, user interface forms and task definitions. The user interface could consist of the following menu items:
Define a new system user "dlg_all" and add it to the permissions groups "vi_CentralPwd", "vi_ITShopOrder" and "WebShop_Customer".
The scenario described in the previous example is extended such that only the cost center manager can see an employee’s leaving date. You need to add the input field LeavingDate to the contact data form to do this.
Permissions are used for controlling viewing and editing. Define a new system user "dlg_kst" and add it to the permissions groups "vi_CentralPwd", "vi_ITShopOrder" and "WebShop_Customer". You should also give the system user read and write access to the column Person.Exitdate.
Change the application configuration data such that the cost center manager uses the system user "dlg_kst" to log in. All other employees use the system user "dlg_all" to log in.
Change the configuration data as follows:
<DialogUserDetect>
<Usermappings>
<Usermapping
DialogUser = "dlg_kst"
Selection = "select 1 where %uid% in (select uid_personhead from profitcenter)"
/>
<Usermapping
DialogUser = "dlg_all"
/>
</Usermappings>
</DialogUserDetect>
To assign function groups to permissions groups you have to define two database views. The first database view shows the assignment of employees to function groups. The database view contains two columns UID_Person and FunctionGroup.
Example:
create view custom_Person2Fu as
select uid_personHead as UID_Person, 'Cost center manager' as FunctionGroup
from Profitcenter
where isnull(uid_personHead, '') > ' '
union all
select uid_personHead, 'Department manager' as FunctionGroup
from Department
where isnull(uid_personHead, '') > ' '
The second database view assigns function groups to permissions groups. This database view contains two columns FunctionGroup and DialogGroup.
Example:
create view custom_Fu2D as
select 'Cost center manager' as FunctionGroup, 'Custom_Dialoggroup_ChefP' as DialogGroup
union all select 'Department manager', 'Custom_Dialoggroup_ChefD'
Set up the permissions groups with the desired user interface and the necessary permissions. Define the system users corresponding to the number of permissions groups required. The number of system user accounts necessary is 2^(number of permissions groups) - 1. Assign the system user directly to the permissions groups.
Group name | UserName |
---|---|
Custom_Dialoggroup_ChefP | CustomUserP |
Custom_Dialoggroup_ChefP | CustomUserPD |
Custom_Dialoggroup_ChefD | CustomUserPD |
Custom_Dialoggroup_ChefD | CustomUserD |
Change the configuration data for assigning function groups to permissions groups as follows:
<DialogUserDetect>
<FunctionGroupMapping
PersonToFunction = "custom_Person2Fu"
FunctionToGroup = "custom_Fu2D"
/>
</DialogUserDetect>
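The following check is an added example, not part of the One Identity documentation: it rebuilds the two views in an in-memory SQLite database with constructed sample rows and verifies that every non-empty combination of permissions groups has a system user. It assumes that a login resolves to the system user whose permissions group membership exactly matches the groups derived from the views (the rule the 2^n - 1 count implies); `isnull` is replaced by `coalesce` for SQLite, and the person UIDs and function names are hypothetical.

```python
import sqlite3
from itertools import combinations
# Constructed sample data; table, view and group names follow the page's examples.
SCHEMA = """
create table Profitcenter (uid_personHead text);
create table Department (uid_personHead text);
insert into Profitcenter values ('P-ALICE'), ('P-CAROL'), (NULL);
insert into Department values ('P-BOB'), ('P-CAROL'), ('');
create view custom_Person2Fu as
  select uid_personHead as UID_Person, 'Cost center manager' as FunctionGroup
  from Profitcenter where coalesce(uid_personHead, '') > ' '
  union all
  select uid_personHead, 'Department manager'
  from Department where coalesce(uid_personHead, '') > ' ';
create view custom_Fu2D as
  select 'Cost center manager' as FunctionGroup, 'Custom_Dialoggroup_ChefP' as DialogGroup
  union all select 'Department manager', 'Custom_Dialoggroup_ChefD';
"""

# System user memberships taken from the page's table.
SYSTEM_USERS = {
    "CustomUserP": frozenset({"Custom_Dialoggroup_ChefP"}),
    "CustomUserPD": frozenset({"Custom_Dialoggroup_ChefP", "Custom_Dialoggroup_ChefD"}),
    "CustomUserD": frozenset({"Custom_Dialoggroup_ChefD"}),
}

def resolve(conn, system_users):
    """Map each person to the system user whose groups equal theirs (assumed rule)."""
    rows = conn.execute(
        "select p.UID_Person, g.DialogGroup from custom_Person2Fu p "
        "join custom_Fu2D g on g.FunctionGroup = p.FunctionGroup")
    groups = {}
    for person, group in rows:
        groups.setdefault(person, set()).add(group)
    by_set = {members: name for name, members in system_users.items()}
    return {p: by_set.get(frozenset(s)) for p, s in groups.items()}

def missing_combinations(conn, system_users):
    """Non-empty permissions group subsets that no system user covers exactly."""
    all_groups = sorted(r[0] for r in conn.execute("select distinct DialogGroup from custom_Fu2D"))
    have = set(system_users.values())
    return [set(c) for n in range(1, len(all_groups) + 1)
            for c in combinations(all_groups, n) if frozenset(c) not in have]

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return resolve(conn, SYSTEM_USERS), missing_combinations(conn, SYSTEM_USERS)
```

A person who resolves to `None`, or a non-empty result from `missing_combinations`, means a combination of function groups has no matching system user and should be fixed before the mapping goes live.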
The One Identity Manager database connection data is set up by the initial schema installation. This information is also accessed when tasks are generated for the One Identity Manager Service.
NOTE: Changes to the data are not usually necessary and should only be made by advanced users.
To change the connection parameter
Data | Description |
---|---|
Server | Database server. |
Windows authentication | Specifies whether Windows authentication is used. This type of authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication. |
User | Database user. |
Password | Database user password. |
Database | Database. |
Data | Description |
---|---|
Direct access (without Oracle client) | Set this option for direct access. Deactivate this option for access via Oracle clients. Which connection data is required depends on how this option is set. |
Server | Database server. |
Port | Oracle instance port. |
Service name | Service name. |
User | Oracle database user. |
Password | Database user password. |
Data source | TNS alias name from TNSNames.ora. |
© 2023 One Identity LLC. ALL RIGHTS RESERVED.