Chat now with support
Chat with Support

Identity Manager 8.0 - Configuration Guide

One Identity Manager Software Architecture Working with the Designer Customizing the One Identity Manager Default Configuration Checking Data Consistency Compiling a One Identity Manager Database Working with Change Labels Basic System Configuration Data
One Identity Manager Authentication Module Database Connection Data Configuration Parameters for System Configuration Setting up the Mail Notification System Enabling More Languages for Displaying and Maintaining Data Displaying Country Information Setting Up and Configuring Schedules Password Policies in One Identity Manager Reloading Changes Dynamically TimeTrace Databases Machine Roles and Server Functions Files for Software Update Operating Systems in Use System Configuration Reports Using Predefined Database Queries Managing Custom Database Objects within a Database
The One Identity Manager Data Model Granting One Identity Manager Schema Permissions Working with the User Interface
Object definitions for the User Interface User Interface Navigation Forms for the User Interface Statistics in the One Identity Manager Extending the Launchpad Task Definitions for the User Interface Applications for Configuring the User Interface Icons and Images for Configuring the User Interface Language Dependent Data Representation
Process Orchestration in One Identity Manager
Declaring the Job Server One Identity Manager Service Configuration Handling Processes in the One Identity Manager
Tracking Changes with Process Monitoring Conditional Compilation using Preprocessor Conditions One Identity Manager Scripts Maintaining Mail Templates Reports in the One Identity Manager Custom schema extensions Transporting One Identity Manager Schema Customizations Importing Data Web Service Integration SOAP Web Service One Identity Manager as SPML Provisioning Service Provider Searching for Errors in the One Identity Manager Processing DBQueue Tasks One Identity Manager Configuration Files

Working with the User & Permissions Group Editor

Working with the User & Permissions Group Editor

Use the User & Permissions Group Editor to create and edit system users and permissions groups. The editor is started from the program "Designer" and opens in the document view. Only additional User & Permissions Group Editor functions are described in the following.

Menu Items

The following items are added to the menu bar when the editor starts.

Table 111: Menu Items Added by the Editor
Menu Menu Item Meaning
Permissions group New Adds a new permissions group.
Delete Deletes the selected permissions group after requesting confirmation.
Assign users... Opens a dialog window in which system users can be selected for assignment to a permissions group
Copy permissions groups... Starts a wizard for copying permissions groups.
Refresh Updates the hierarchical view of the permissions groups.
Users New Adds a new system user.
Delete Deletes the selected system user after requesting confirmation.
Assign permissions groups... Opens a dialog window in which permissions groups can be selected for assignment to a system user.
Create administrator Creates a new system user and adds it to the default permissions group.
Options Display permissions group inheritance Shows/hides a system user’s permissions group membership inheritance in the hierarchical view.
View Properties Shows/hides the edit view.
One Identity Manager employees Shows employees that use this system user.
Help Users and permissions group management help Opens the help on this topic.
User & Permissions Group Editor help Opens the editor help.
Table 112: Meaning of Toolbar Icons
Icon Meaning
Inserts a system user.
Deletes a system user.
Inserts a permissions group.
Deletes a permissions group.
Create administrator.
Zooms in on the view.
Zooms out on the view.
Hides/shows system user’s inherited permissions group memberships in the hierarchical view.
Updates the permissions group display in the hierarchical view.

Views in the User & Permissions Group Editor

Views in the User & Permissions Group Editor

The User & Permissions Group Editor has several views for displaying and editing system users and permissions groups.

Table 113: User & Permissions Group Editor Views
View Description
System user and permissions groups edit view The properties of the selected system user or permissions group are displayed in the edit view and may be changed there. A default context menu is available for input fields.
System user and permissions groups edit view

This view displays the permissions groups in their hierarchical form. The permissions group memberships are displayed for one system user. Each permissions group is represented by a permissions group element. Each permissions group element has a tooltip. The contents of the tooltip is made up of the name and description of the permissions group.

TIP: The layout position of the permissions group elements can be changed by using the mouse.

Figure 23: User & Permissions Group Editor with Hierarchical View (Above) and Edit View (Below)

Table 114: Context Menu Items for the Hierarchical View
Context Menu Item Meaning
Assign users... Assigns users to the selected permissions group.
Assign permissions group... Assigns permissions groups to the selected system user.
Inherit permissions from... The selected permissions group is added to other permissions groups and inherits permissions from those permissions groups.
Permissions inherited by... More permissions group are added to the selected permissions group. Permissions subgroups inherit permissions from the selected permissions group.
Navigation Shows all other editors that can be used with the selected object.

Permissions Group Dependencies

You can enable permissions and user interface components to be passed on from one permissions group to other permissions groups by structuring permissions groups hierarchically. This means that inheritance is top down within the hierarchy.

Example

Two permissions groups are defined with the following permissions and user interface components.

Permissions group Permissions User interface
A Viewing permissions Menu structures and forms
B Edit permissions Methods

Permissions group A is above permissions group B in the hierarchy, so that B inherits the permissions group from A. Therefore the viewing and edit permissions and the menu structure, form and methods are available to users of the permissions group B.

You can use the hierarchical view in the User & Permissions Group Editor to set up dependencies between permissions groups. Permissions groups, which are higher up in the hierarchy are displayed further to the right in the User & Permissions Group Editor. When a permissions group is selected in the hierarchical view, the dependencies to other permissions groups are marked in color which also is also used to show the direction of inheritance.

Figure 24: Diagram of Permissions Group Hierarchy (Direction of Inheritance from Right to Left)

Table 115: Meaning of Colors in the Hierarchical Representation
Color Meaning

Blue

The selected permissions group.

Purple This permissions group is a child of the selected permissions group and directly inherits from the selected permissions group.
Light purple This permissions group inherits indirectly from the selected permissions group over the hierarchy.
Red This permissions group is a parent of the selected permissions group and passes inheritance to the selected permissions group.
Light red This permissions group passes inheritance indirectly to the selected permissions group over the hierarchy.
Gray This permissions group does not inherit or pass inheritance to the selected permissions group.

When a new permissions group is inserted into the hierarchical view the element is initially labeled as "New permissions group". The permissions group name is copied to the permissions group element when the hierarchical view is refreshed.

To display the permissions group elements hierarchically they are attached to each other with a connector. You can control the connection points with your mouse.

  • To link permissions group elements, hold down the left mouse button and drag the connector from one permissions groups element to the other. The mouse cursor changes from a sidewards pointing arrow to a downwards pointing arrow.
  • To release the connection, hold the left mouse button down and drag the connector back from one permissions group element to the other. The mouse cursor changes from a sidewards pointing arrow to an upwards pointing arrow in the process.
Related Topics
Related Documents