Chat now with support
Chat with Support

Identity Manager 8.0 - Configuration Guide

One Identity Manager Software Architecture Working with the Designer Customizing the One Identity Manager Default Configuration Checking Data Consistency Compiling a One Identity Manager Database Working with Change Labels Basic System Configuration Data
One Identity Manager Authentication Module Database Connection Data Configuration Parameters for System Configuration Setting up the Mail Notification System Enabling More Languages for Displaying and Maintaining Data Displaying Country Information Setting Up and Configuring Schedules Password Policies in One Identity Manager Reloading Changes Dynamically TimeTrace Databases Machine Roles and Server Functions Files for Software Update Operating Systems in Use System Configuration Reports Using Predefined Database Queries Managing Custom Database Objects within a Database
The One Identity Manager Data Model Granting One Identity Manager Schema Permissions Working with the User Interface
Object definitions for the User Interface User Interface Navigation Forms for the User Interface Statistics in the One Identity Manager Extending the Launchpad Task Definitions for the User Interface Applications for Configuring the User Interface Icons and Images for Configuring the User Interface Language Dependent Data Representation
Process Orchestration in One Identity Manager
Declaring the Job Server One Identity Manager Service Configuration Handling Processes in the One Identity Manager
Tracking Changes with Process Monitoring Conditional Compilation using Preprocessor Conditions One Identity Manager Scripts Maintaining Mail Templates Reports in the One Identity Manager Custom schema extensions Transporting One Identity Manager Schema Customizations Importing Data Web Service Integration SOAP Web Service One Identity Manager as SPML Provisioning Service Provider Searching for Errors in the One Identity Manager Processing DBQueue Tasks One Identity Manager Configuration Files

Copying Permissions Groups

The User & Permissions Group Editor provides a wizard for copying edit permissions and the user interface of an existing permissions group to a new permissions group.

To copy a permissions group

  1. Select the category Permissions | Permissions groups in the Designer.
  2. Select the permissions group you want to copy and start the User & Permissions Group Editor with the task Edit permissions group.
  3. Select Permssions groups | Copy permissions group....

    This starts a wizard for copying permissions groups.

  4. Click Next.
  5. The permissions group you want to copy is preselected. Enter a name for the new permissions group in Copy name.

    A name suggestion is already entered in the field which is made up from the customer prefix and the original permissions group name. You can alter this name but the customer prefix has to remain.

  6. Click Next.
  7. Select the copy options.
    Table 116: Copy Options for Permissions Groups
    Option Description
    Permissions Set this option to copy table and column permissions of the selected permissions group to the new permissions group.
    Navigation Select this option to copy menu items, forms and tasks of the selected permissions group to the new permissions group.
    System user

    Select this option if the system user should be copied to the new permissions group.

    NOTE: Ensure that predefined system users are not copied to the new permissions group.

  8. To start compiling, click Next.

    The copying process may take some time. Each copy step and any error messages are displayed in the dialog window.

  9. Click Next.
  10. Click Finish to complete the wizard.

You can then run the following tasks:

  • Add the permissions group to permissions group collections
  • Adding the system user to the permissions group
  • Assign additional edit permissions
  • Assign user interface components, such as forms, menu items, tasks or program functions.
Related Topics

Manually Creating Permissions Groups

To create a permissions group

  1. Select the category Permissions in the Designer.
  2. Start the User & Permissions Group Editor with the task Show / edit permissions group.
  3. Add a new permissions group using the menu item Permissions groups | New.

  4. Edit the master data for the permissions group.

You can then run the following tasks:

  • Add the permissions group to permissions group collections
  • Adding the system user to the permissions group
  • Assigning Permissions
  • Assign user interface components, such as forms, menu items, tasks or program functions.
Related Topics

Permissions Groups Properties

Permissions Groups Properties

Table 117: Permissions Group Properties
Property Description
Permissions group Name of the permissions group. Label your own permissions groups with the prefix 'CCC'
Description Detailed description of the permissions group’s purpose.
Remarks Spare text box for additional explanation.
Preprocessor condition

You can add a preprocessor condition to permissions groups. This means that the permissions group is only effective when the condition is met.

Permissions group binary pattern The permissions group binary pattern is used to calculate effective system user permissions. It is provided by the DBQueue Processor.
Only use for role-based authentication

This group includes permissions, form assignments, menu items and program functions for role-based authentication. The permissions group can be assigned to One Identity Manager application roles and is assigned to dynamically determined system users. A direct assignment to non-dynamic system user is not permitted.

NOTE: This function is available if the Identity Management Base Module is installed.

Related Topics

Editing System Users

To create a new system user

  1. Select the category Permissions in the Designer.
  2. Start the User & Permissions Group Editor with the task Show / edit permissions group.
  3. Add a new system user using the menu item Users | New.
  4. Edit the system user's master data.
    Table 118: System User Properties
    Property Description
    System user Name of the system user for logging into the administration tools.
    Password and password confirmation Password for logging into the administration tools as system user.
    Remarks Spare text box for additional explanation.
    Read-only Set this option if the system is member in all permissions group but can only have read access. This results in overwriting all other edit permissions that the system user obtains through permissions group memberships.
    Logins Logins with which the system user can log in to One Identity Manager tools. Enter the login in the form: Domain\User. This information is required if the authentication module "Account-based system user" is used for logging into the One Identity Manager tools.
    Administrative user Specifies whether the user is an administrator. Administrative system users are automatically added to all non role-based permissions groups.

    Service account

    Specifies whether this is a system user used by a service account. This system user is not allocated a permissions groups but has all access permissions, tasks and program functionality.

    External password management

    Specifies whether the system user's password is determined by an external password manager. The password cannot be changed in One Identity Manager. Determining the system user's password must be custom implemented.

  5. Add the system user to permissions groups.
Related Topics
Related Documents