Identity Manager 8.0 - Configuration Guide

Functions in the Permissions Edit View

This view contains two permissions views. In one, you edit the permissions of a permissions group for the tables and columns of the data model. In the other, the permissions simulation shows the permissions currently in effect.

The permissions displayed in the edit permissions view always relate to the permissions group that is selected in the toolbar. You can add, edit and delete permissions for the permissions group for tables or columns.

Each of the permissions in the view is represented by a check box. If the check box is not active the corresponding permission is withdrawn. If the check box is set, the corresponding permission is allowed.

NOTE: Use SHIFT + left mouse button or CTRL + left mouse button to select multiple tables or columns for editing.

Table 123: Meaning of Icon Used
Icon Meaning
Table
Column
Foreign key column (FK)
Primary key column (PK)
Table 124: Context Menu Items for Editing Permissions
Context Menu Item Meaning
New Adds a new table or column permission for a permissions group or account user.
Delete Deletes a table or column permission for a permissions group or account user.
Copy Copies table (column) permissions from the selected permissions group or system user.
Paste Inserts copied table (column) permissions into the selected permissions group.
Copy all permissions Copies all table (column) permissions from the selected permissions group.
Paste all permissions Inserts all copied table (column) permissions into the selected permissions group.
Navigation Shows all other editors that can be used with the selected object.

Filtering Entries in the Permissions Editor

Use the Options item in the Permissions Editor menu, with its predefined filters and filter conditions, to limit the number of tables displayed in the editing and simulating permissions view.

Table 125: Predefined Filters in the Editor
Filter Meaning
Show all tables Shows all database model tables.
Show non-system tables Only shows tables from the application data model.
Show system tables Only shows tables from the system data model.

Show disabled tables Disabled tables are displayed as well.

You also have the option to set up ad hoc filters and permanent filters. Ad hoc filters are used for one-off searches. These filters are not saved and are immediately applied to the display. A permanent filter is recommended if you want to reuse it more frequently. Permanent filters are saved and are therefore always available for use.

Granting Permissions for Tables

You can give tables the following permissions.

Table 126: Table Permissions
Permissions Meaning
Viewable The table data is displayed.
Insertable New data can be added to the table.
Editable Table data can be edited.
Deletable Table data can be deleted.

NOTE: If permissions "Insertable", "Editable" or "Deletable" are granted, "Viewable" permissions are implicit. In this case, the option Viewable is grayed out in the Permissions Editor.

Permissions filter

You can limit table elements by setting conditions for viewing, editing, inserting and deleting. This makes it possible to link the editability of employee data sets to their names, for example. In this way, a user can be given read access only to employee data where the last names begin with A-F, whereas employee data from G-Z can be given write access.

NOTE: Limiting conditions can only be defined for application database tables.

Table 127: Permissions filter
Condition Meaning
for viewing Limiting condition for displaying data sets.
for editing Limiting condition for editing data sets.
for inserting Limiting condition for inserting data sets.
for deleting Limiting condition for deleting data sets.

Format your condition like a where-clause in a database query.

Example

For example, if the user should be able to view all employees, but only edit those with a last name beginning with "B", you can format the condition for editing as follows:

Lastname like 'B%'

TIP: Use the SQL check button to test the condition. This checks the syntax. The number of objects that comply is returned.
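
The following Python example is added here and is not part of the One Identity documentation or product code. It uses an in-memory SQLite table to mimic what the SQL check reports for a condition (syntax result and number of matching objects) and to flag an editing condition that matches records the viewing condition excludes. The table name Person, the sample names and all function names are assumptions made for this example.

```python
import sqlite3

# Constructed sample data. The table name "Person" is an assumption for this
# example; "Lastname" is the column used in the guide's condition.
SAMPLE = ["Adams", "Baker", "Brandt", "Fischer", "Garcia", "Zhou"]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Person (Lastname TEXT)")
    db.executemany("INSERT INTO Person VALUES (?)", [(n,) for n in SAMPLE])
    return db


def sql_check(db, condition):
    """Stand-in for the SQL check: test the syntax, return the match count.

    The condition is spliced into the query as raw SQL, exactly like a
    where-clause, so it must only ever come from a trusted administrator
    and never be assembled from end-user input.
    """
    try:
        row = db.execute(f"SELECT COUNT(*) FROM Person WHERE {condition}").fetchone()
    except sqlite3.OperationalError as exc:
        raise ValueError(f"condition rejected: {exc}") from None
    return row[0]


def effective_rights(db, view_cond, edit_cond):
    """Evaluate both conditions per record: {Lastname: (viewable, editable)}."""
    query = (f"SELECT Lastname, ({view_cond}), ({edit_cond}) "
             "FROM Person ORDER BY rowid")
    return {name: (bool(v), bool(e)) for name, v, e in db.execute(query)}


def edit_without_view(db, view_cond, edit_cond):
    """Review check added by this example: records the editing condition
    matches although the viewing condition excludes them."""
    rights = effective_rights(db, view_cond, edit_cond)
    return [name for name, (v, e) in rights.items() if e and not v]


if __name__ == "__main__":
    db = make_db()
    # "1=1" stands in for "no limiting condition" (assumption of this example).
    print(sql_check(db, "Lastname like 'B%'"))
    print(effective_rights(db, "1=1", "Lastname like 'B%'"))
    print(edit_without_view(db, "Lastname < 'G'", "Lastname >= 'G'"))
```

SQLite's pattern matching and collation differ from the database behind a production installation, so the counts shown here apply only to the constructed sample data.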

Granting Column Permissions

IMPORTANT: When you grant column permissions, you must apply the same permissions to the tables. This means, a column is only visible when the table is too.

You can grant the following permissions for columns:

Table 128: Column Permissions
Permissions Meaning
Viewable The column is displayed.
Editable The values in the columns can be changed.
Insertable The value in the column can be edited when a new data record is created. Once the data record has been saved it can no longer be edited.

For example, when an Active Directory User is created, an Active Directory Container is defined. Because this is a key field the Active Directory Container cannot be changed after the object has been saved.

NOTE: If permissions "Insertable", "Editable" or "Deletable" are granted, "Viewable" permissions are implicit.
