Use the User & Permissions Group Editor to create and edit system users and permissions groups. The editor is started from the program "Designer" and opens in the document view. Only additional User & Permissions Group Editor functions are described in the following.
The following items are added to the menu bar when the editor starts.
|Permissions group||New||Adds a new permissions group.|
|Delete||Deletes the selected permissions group after requesting confirmation.|
|Assign users...||Opens a dialog window in which system users can be selected for assignment to a permissions group|
|Copy permissions groups...||Starts a wizard for copying permissions groups.|
|Refresh||Updates the hierarchical view of the permissions groups.|
|Users||New||Adds a new system user.|
|Delete||Deletes the selected system user after requesting confirmation.|
|Assign permissions groups...||Opens a dialog window in which permissions groups can be selected for assignment to a system user.|
|Create administrator||Creates a new system user and adds it to the default permissions group.|
|Options||Display permissions group inheritance||Shows/hides a system user’s permissions group membership inheritance in the hierarchical view.|
|View||Properties||Shows/hides the edit view.|
|One Identity Manager employees||Shows employees that use this system user.|
|Help||Users and permissions group management help||Opens the help on this topic.|
|User & Permissions Group Editor help||Opens the editor help.|
|Inserts a system user.|
|Deletes a system user.|
|Inserts a permissions group.|
|Deletes a permissions group.|
|Zooms in on the view.|
|Zooms out on the view.|
|Hides/shows system user’s inherited permissions group memberships in the hierarchical view.|
|Updates the permissions group display in the hierarchical view.|
The User & Permissions Group Editor has several views for displaying and editing system users and permissions groups.
|System user and permissions groups edit view||The properties of the selected system user or permissions group are displayed in the edit view and may be changed there. A default context menu is available for input fields.|
|System user and permissions groups edit view||
This view displays the permissions groups in their hierarchical form. The permissions group memberships are displayed for one system user. Each permissions group is represented by a permissions group element. Each permissions group element has a tooltip. The contents of the tooltip is made up of the name and description of the permissions group.
Figure 23: User & Permissions Group Editor with Hierarchical View (Above) and Edit View (Below)
|Context Menu Item||Meaning|
|Assign users...||Assigns users to the selected permissions group.|
|Assign permissions group...||Assigns permissions groups to the selected system user.|
|Inherit permissions from...||The selected permissions group is added to other permissions groups and inherits permissions from those permissions groups.|
|Permissions inherited by...||More permissions group are added to the selected permissions group. Permissions subgroups inherit permissions from the selected permissions group.|
|Navigation||Shows all other editors that can be used with the selected object.|
You can enable permissions and user interface components to be passed on from one permissions group to other permissions groups by structuring permissions groups hierarchically. This means that inheritance is top down within the hierarchy.
Two permissions groups are defined with the following permissions and user interface components.
|Permissions group||Permissions||User interface|
|A||Viewing permissions||Menu structures and forms|
Permissions group A is above permissions group B in the hierarchy, so that B inherits the permissions group from A. Therefore the viewing and edit permissions and the menu structure, form and methods are available to users of the permissions group B.
You can use the hierarchical view in the User & Permissions Group Editor to set up dependencies between permissions groups. Permissions groups, which are higher up in the hierarchy are displayed further to the right in the User & Permissions Group Editor. When a permissions group is selected in the hierarchical view, the dependencies to other permissions groups are marked in color which also is also used to show the direction of inheritance.
Figure 24: Diagram of Permissions Group Hierarchy (Direction of Inheritance from Right to Left)
The selected permissions group.
|Purple||This permissions group is a child of the selected permissions group and directly inherits from the selected permissions group.|
|Light purple||This permissions group inherits indirectly from the selected permissions group over the hierarchy.|
|Red||This permissions group is a parent of the selected permissions group and passes inheritance to the selected permissions group.|
|Light red||This permissions group passes inheritance indirectly to the selected permissions group over the hierarchy.|
|Gray||This permissions group does not inherit or pass inheritance to the selected permissions group.|
When a new permissions group is inserted into the hierarchical view the element is initially labeled as "New permissions group". The permissions group name is copied to the permissions group element when the hierarchical view is refreshed.
To display the permissions group elements hierarchically they are attached to each other with a connector. You can control the connection points with your mouse.