Chat now with support
Chat with Support

Identity Manager 8.0 - Identity Management Base Module Administration Guide

Basics for Mapping Company Structures in One Identity Manager Managing Departments, Cost Centers and Locations Working with Dynamic Roles Employee Administration
One Identity Manager Users for Employee Administration Basic Configuration Data for Employees Entering Employee Master Data Employee's Central User Account Employee's Central Password Employee's Default Email Address Disabling and Deleting Employees Assigning Company Resources to Employees Origin of an Employee's Roles and Entitlements Analyzing Role Memberships and Employee Assignments Mapping Multiple Employee Identities Limited Access to One Identity Manager Additional Tasks for Managing Employees Determining an Employee‘s Language Determining an Employee‘s Working Hours Employee Reports
Managing Devices and Workdesks Managing Resources Set up Extended Properties Appendix: Configuration Parameters for Managing Departments, Cost Centers and Locations Appendix: Configuration Parameters for Managing Applications Appendix: Configuration Parameters for Managing Devices and Workdesks Appendix: Authentication Modules for Logging into the One Identity Manager

Specify Role Relations

Table 24: Configuration Parameter for Editing Role Relations
Configuration parameter Active Meaning

QER\Structures\RelatedStructures

Preprocessor relevant configuration parameter for controlling the model parts that specify relations between roles. Changes to the parameter require recompiling the database. If the parameter is set, you can specify which roles are mutually exclusive.

Use this task to specify between which roles relations exist. This mapping is only for informative use. Parent node definitions do not provide information about role relations of subordinate roles.

To define relations between departments

  1. Select the category Organizations | Departments.
  2. Select the department in the result list.
  3. Select the task Specify department relations.
  4. Assign the departments for which relations exist in Add assignments.
  5. Save the changes.

To define relations between cost centers

  1. Select the category Organizations | Cost centers.
  2. Select the cost center in the result list.
  3. Select the task Specify cost center relations.
  4. Assign the cost centers for which relations exist in Add assignments.
  5. Save the changes.

To define relations between locations

  1. Select the category Organizations | Locations.
  2. Select the location in the result list.
  3. Select the task Specify location relations.
  4. Assign the locations for which relations exist in Add assignments.
  5. Save the changes.

Reports about Departments, Cost Centers and Locations

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for departments, cost centers and locations.

NOTE: Other sections may be available depending on the which modules are installed.
Table 25: Reports about Departments, Cost Centers and Locations
Report Description
Overview of all Assignments This report finds all the roles in which employees from the selected department, cost center or location are also members.
Data quality of department members (cost center members) This report evaluates the data quality of employee data records. It takes all employees in the department or cost center into account.
Show historical memberships

This report lists all members of the selected department, cost center or location and the duration of their membership.

Employees per department

This report contains the number of employee per department. The primary and secondary assignments to organizations are taken into account. You can find this report in the category My One Identity Manager.

Employees per cost center

This report contains the number of employee per cost center. The primary and secondary assignments to organizations are taken into account. You can find this report in the category My One Identity Manager.

Employees per location

This report contains the number of employee per location. The primary and secondary assignments to organizations are taken into account. You can find this report in the category My One Identity Manager.

Related Topics

Working with Dynamic Roles

Dynamic roles are used to specify role memberships dynamically. Employees, devices or workdesks are not permanently assigned to a role, just when they fulfill certain conditions. A check is performed regularly to assess which employees (devices or workdesks) fulfill these conditions. The means the role memberships change dynamically. For example, company resources can be assigned dynamically to all employees in a department in this way; if an employee leaves the department they immediately lose the resources assigned to them.

Role memberships through dynamic roles are implemented as indirect, secondary assignments. Therefore secondary assignment of employees, devices and workdesks to role classes must be permitted. If necessary, further configuration settings need to be made.

Example of Dynamic Role Functionality

All external employees are added to a new dynamic role. These employees should be assigned to a company resource ABC. The dynamic role is initially defined with the following data:

Dynamic role External employees
Description All external employees
Object class PERSON
Condition IsExternal = 1
Department A_1

The department A_1 is now assigned the resource ABC. All employees that fulfill the condition at the time the dynamic role was defined, are assigned to department A_1 and therefore inherit the resource ABC. Employees who fulfill the condition at a later date, are assigned to department A_1 from that moment. Conversely, employees in department A_1 are removed the moment the are no longer known as external employees by One Identity Manager. The resource ABC is no longer available to those employees assuming they have not been assigned the resource through other channels.

Detailed information about this topic
Related Topics

Editing Dynamic Roles

Editing Dynamic Roles

You can create dynamic roles for departments, cost centers, locations, business roles, application roles and IT Shop nodes. This allows you to specify memberships in these roles.

To create a dynamic role

  1. Select the role for which a dynamic role is to be created.
  2. Select Create dynamic role in the task view.
  3. Enter the required master data.
  4. Save the changes.

To edit a dynamic role

  1. Select the role for which the dynamic role was created.
  2. Open the role's overview form.
  3. Select the form element "dynamic roles" and click on the dynamic role.
  4. Select Change master data in the task view.
  5. Edit the data and then save the changes.
Related Topics

For more information about dynamic roles for application roles, see the One Identity Manager Application Roles Administration Guide.

Related Documents