When a system user is used to log into the system, the currently effective permissions for the objects are determined based on the permissions groups. The following rules are used to determine the resulting permissions:
The following example shows how to group permissions if the user is directly assigned in permissions groups and the permissions groups are not connected hierarchically.
A system user obtains permissions to the table ADSAccount through different permissions groups.
Permissions group | Viewable | Editable | Insertable | Deletable |
---|---|---|---|---|
A | 1 | 1 | 1 | 1 |
B | 0 | 0 | 0 | 0 |
In addition, the system user is granted permissions to the table LDAPAccount through these permissions groups.
Permissions group | Viewable | Editable | Insertable | Deletable |
---|---|---|---|---|
A | 1 | 0 | 0 | 0 |
B | 1 | 1 | 1 | 0 |
Therefore, the system user effectively has the following permissions:
Table | Viewable | Editable | Insertable | Deletable |
---|---|---|---|---|
ADSAccount | 1 | 1 | 1 | 1 |
LDAPAccount | 1 | 1 | 1 | 0 |
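
The grouping shown in the tables above, as an added example (not One Identity Manager code). It assumes, based on the example values, that permissions from directly assigned groups are combined additively, and it records which group contributes each effective right; the names `GRANTS`, `effective_permissions` and `as_flags` are hypothetical.

```python
from collections import defaultdict

RIGHTS = ("Viewable", "Editable", "Insertable", "Deletable")

# Grants copied from the two example tables: (group, table) -> flags in RIGHTS order.
GRANTS = {
    ("A", "ADSAccount"): (1, 1, 1, 1),
    ("B", "ADSAccount"): (0, 0, 0, 0),
    ("A", "LDAPAccount"): (1, 0, 0, 0),
    ("B", "LDAPAccount"): (1, 1, 1, 0),
}


def effective_permissions(grants, member_of):
    """Return {table: {right: [groups granting it]}} for directly assigned groups.

    Assumption inferred from the example tables: rights are additive, so a
    right is effective as soon as one group grants it, and a 0 in another
    group never revokes it.
    """
    result = defaultdict(lambda: {right: [] for right in RIGHTS})
    for (group, table), flags in sorted(grants.items()):
        if group not in member_of:
            continue
        if len(flags) != len(RIGHTS):
            raise ValueError(f"expected {len(RIGHTS)} flags for {group}/{table}")
        entry = result[table]  # table is listed even if nothing is granted
        for right, flag in zip(RIGHTS, flags):
            if flag:
                entry[right].append(group)
    return dict(result)


def as_flags(per_right):
    """Collapse the per-right group lists into the 0/1 row used in the tables."""
    return tuple(int(bool(per_right[right])) for right in RIGHTS)


if __name__ == "__main__":
    for table, per_right in effective_permissions(GRANTS, {"A", "B"}).items():
        print(table, as_flags(per_right), per_right)
```

The per-right group lists make it visible that removing the user from group B alone would not reduce access to ADSAccount, because group A still grants every right there.
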
A system user obtains viewing permissions to the table Person through different permissions groups:
Permissions group | Viewing Condition | Column Viewing Permissions |
---|---|---|
A | | Lastname |
B | Lastname like 'B%' | Lastname, Firstname, Entrydate |
C | Lastname like 'Be%' | Lastname, Firstname, Gender |
D | Lastname like 'D%' | Lastname |
This results in the following permissions for the individual employee objects.
Person.Lastname | Visible Columns |
---|---|
Smith | Lastname |
Bishop | Lastname, Firstname, Entrydate |
Bennett | Lastname, Firstname, Gender |
Dummy | Lastname |
Use the Permissions Editor to grant permissions groups the permissions for accessing the tables and columns in the One Identity Manager schema. The editor is started from the Designer program and opens in the document view. Only the additional functions of the Permissions Editor are described below.
The following items are added to the menu bar when the editor starts.
Menu | Menu Item | Meaning | Key Combination |
---|---|---|---|
Permissions | New | Creates table or column permissions for the selected permissions group or system user. | Ins |
Permissions | Delete | Deletes table or column permissions for the selected permissions group or system user. | Del |
Permissions | Copy | Copies table (column) permissions from the selected permissions group or system user. | Ctrl + C |
Permissions | Paste | Inserts copied table (column) permissions into the selected permissions group. | Ctrl + V |
Permissions | Copy all permissions | Copies all table (column) permissions from the selected permissions group. | Ctrl + Shift + C |
Permissions | Paste all permissions | Inserts all copied table (column) permissions into the selected permissions group. | Ctrl + Shift + V |
Permissions | Refresh view | Refreshes permissions display. | |
Options | Sort permissions | Sorts the view. Tables and columns with permissions are shown first. | |
Options | Use display values | The display names of the columns and tables are shown. If this option is not set, the table and column names from the One Identity Manager schema are shown. | |
Options | Show all tables | Shows all database model tables. | |
Options | Show non-system tables | Only shows tables from the application data model. | |
Options | Show system tables | Only shows tables from the system data model. | |
Options | Show disabled tables | Shows/hides disabled tables. | |
Options | Define filter... | Opens a dialog window for creating an ad hoc filter. | |
Options | Manage filters... | Opens a dialog window for creating permanent filters. | |
View | Properties | Shows/hides the edit view. | |
View | Object permissions | Shows/hides the object permissions. | |
Help | Permissions management help | Opens the help on this topic. | |
Help | Permissions Editor help | Opens the editor help. | |
Icon | Meaning |
---|---|
| | Creates table or column permissions for the selected permissions group or system user. |
| | Deletes table or column permissions for the selected permissions group or system user. |
| | Refreshes permissions display. |
| | Copies table (column) permissions from the selected permissions group or system user. |
| | Inserts copied table (column) permissions into the selected permissions group. |
| | Copies all table (column) permissions from the selected permissions group. |
| | Inserts all copied table (column) permissions into the selected permissions group. |
| | Starts the wizard for defining custom filters. On completion the tables are shown according to the filter. For more information, see Using User Defined Filters for Searching. |
| | Sorts the view. Tables and columns with permissions are shown first. |
| | The display names of the columns and tables are shown. If the option is not enabled, the technical names according to the One Identity Manager schema are shown. |
| | Shows disabled tables. |
The Permissions Editor has several views for displaying and editing access permissions for permissions groups.
View | Description |
---|---|
Edit and simulated permissions view | This view contains two permissions views. In one, the permissions of a permissions group are edited for the tables and columns of the data model; in the other, the current permissions situation is established by the permissions simulation. For more information, see Functions in the Permissions Edit View. |
Resulting permissions view | All the permissions groups that have permissions for a selected table or column are displayed with their own permissions. The permissions in this view cannot be edited. This shows which of the permissions groups selected in the simulation have which permissions. Effective permissions are also displayed. |
Edit individual permissions view | This view supplements the edit permissions view. You can make further changes to the table or column permissions of permissions groups and user accounts in this view. |