Identity Manager 8.0 - Identity Management Base Module Administration Guide


Primary Assignment

You make a primary assignment by referencing a department, cost center or location through a foreign key on the employee, device or workdesk object. To do this, you use the input fields for roles on the employee, device and workdesk master data forms. Primary assignment inheritance can be enabled through configuration parameters. Primary assignment is enabled by default for employee objects.

Figure 8: A Primary Assignment Schema

NOTE: Changes to the configuration parameter result in the inheritance data being recalculated! That means: if the primary assignment is disabled at a later date, the inheritance data created in this way will be removed from the database.

Table 1: Configuration Parameters for Primary Assignment

| Configuration Parameter | Active Meaning |
| --- | --- |
| QER\Structures\Inherite\Person | Employees can inherit through primary assignments. |
| QER\Structures\Inherite\Person\FromDepartment | Employees inherit assignments from their primary department (Person.UID_Department). |
| QER\Structures\Inherite\Person\FromLocality | Employees inherit assignments from their primary location (Person.UID_Locality). |
| QER\Structures\Inherite\Person\FromProfitCenter | Employees inherit assignments from their primary cost center (Person.UID_ProfitCenter). |
| QER\Structures\Inherite\Hardware | Devices can inherit through primary assignments. |
| QER\Structures\Inherite\Hardware\FromDepartment | Devices inherit assignments from their primary department (Hardware.UID_Department). |
| QER\Structures\Inherite\Hardware\FromLocality | Devices inherit assignments from their primary location (Hardware.UID_Locality). |
| QER\Structures\Inherite\Hardware\FromProfitCenter | Devices inherit assignments from their primary cost center (Hardware.UID_ProfitCenter). |
| QER\Structures\Inherite\Workdesk | Workdesks can inherit through primary assignments. |
| QER\Structures\Inherite\Workdesk\FromDepartment | Workdesks inherit assignments from their primary department (Workdesk.UID_Department). |
| QER\Structures\Inherite\Workdesk\FromLocality | Workdesks inherit assignments from their primary location (Workdesk.UID_Locality). |
| QER\Structures\Inherite\Workdesk\FromProfitCenter | Workdesks inherit assignments from their primary cost center (Workdesk.UID_ProfitCenter). |
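The following added example (a model written for this page, not One Identity Manager code) estimates what a recalculation would remove before one of the parameters above is disabled. The function names and sample data are hypothetical, and it assumes that a From* sub-parameter only takes effect while its parent parameter is enabled.

```python
PREFIX = "QER\\Structures\\Inherite\\"
# Foreign-key column on the base object -> sub-parameter name (both from Table 1).
SOURCES = {"UID_Department": "FromDepartment",
           "UID_Locality": "FromLocality",
           "UID_ProfitCenter": "FromProfitCenter"}

def inherited(obj_type, obj, role_resources, enabled):
    """Resources obj inherits from its primary department, location and cost center.

    Assumption: a From* sub-parameter only has an effect while the parent
    parameter for the object type (Person, Hardware, Workdesk) is enabled too.
    """
    base = PREFIX + obj_type
    if base not in enabled:
        return set()
    resources = set()
    for column, sub in SOURCES.items():
        role = obj.get(column)
        if role and f"{base}\\{sub}" in enabled:
            resources.update(role_resources.get(role, ()))
    return resources

def recalculation_delta(obj_type, objects, role_resources, before, after):
    """Per object, what a recalculation removes or adds when parameters change."""
    delta = {}
    for name, obj in objects.items():
        old = inherited(obj_type, obj, role_resources, before)
        new = inherited(obj_type, obj, role_resources, after)
        if old != new:
            delta[name] = {"removed": sorted(old - new), "added": sorted(new - old)}
    return delta

# Constructed sample data: roles with assigned resources, employees with primary roles.
ROLE_RESOURCES = {"DEPT-FIN": ["SAP-FI-User", "Finance-Share-RW"],
                  "LOC-BERLIN": ["Berlin-VPN"],
                  "CC-4711": ["Cost-Report-Reader", "Berlin-VPN"]}
EMPLOYEES = {
    "alice": {"UID_Department": "DEPT-FIN", "UID_Locality": "LOC-BERLIN",
              "UID_ProfitCenter": "CC-4711"},
    "bob": {"UID_Department": None, "UID_Locality": "LOC-BERLIN",
            "UID_ProfitCenter": None},
}
ALL_PERSON = {PREFIX + "Person"} | {PREFIX + "Person\\" + s for s in SOURCES.values()}

if __name__ == "__main__":
    without_dept = ALL_PERSON - {PREFIX + "Person\\FromDepartment"}
    print(recalculation_delta("Person", EMPLOYEES, ROLE_RESOURCES, ALL_PERSON, without_dept))
```

A resource that is still reachable through another enabled primary role (here Berlin-VPN through the cost center) does not appear in the delta.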

Assigning through Dynamic Roles


Assignment through dynamic roles is a special case of indirect assignment. Dynamic roles are used to specify role memberships dynamically. Employees, devices and workdesks are not permanently assigned to a role; they are members only while they fulfill certain conditions. A check is performed regularly to assess which employees, devices or workdesks fulfill these conditions. This means the role memberships change dynamically. For example, company resources can be assigned dynamically to all employees in a department in this way; if an employee leaves the department, they immediately lose the resources assigned to them.
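As an added illustration (not One Identity Manager code), the sketch below models one run of the regular check for a dynamic role and returns the memberships it adds and removes. The class, the predicate and the "dynamic"/"direct" origin labels are hypothetical; it assumes that a membership which also has another origin survives when the condition stops matching.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class DynamicRole:
    target_role: str                    # role whose membership is maintained
    condition: Callable[[dict], bool]   # hypothetical predicate over master data

def run_check(rule, employees, memberships):
    """One check run: update memberships in place, return (added, removed).

    memberships maps (employee, role) -> set of origins. Only the "dynamic"
    origin is touched (assumption), so a direct assignment stays in place.
    """
    added, removed = [], []
    for name, data in sorted(employees.items()):
        key = (name, rule.target_role)
        origins = memberships.setdefault(key, set())
        matches = rule.condition(data)
        if matches and "dynamic" not in origins:
            origins.add("dynamic")
            added.append(name)
        elif not matches and "dynamic" in origins:
            origins.discard("dynamic")
            removed.append(name)
        if not origins:                 # no origin left: membership is gone
            del memberships[key]
    return added, removed

# Constructed sample: everyone in the finance department gets the role.
FINANCE_RULE = DynamicRole("FIN-Resources",
                           lambda e: e["UID_Department"] == "DEPT-FIN")

def demo():
    employees = {"alice": {"UID_Department": "DEPT-FIN"},
                 "bob": {"UID_Department": "DEPT-FIN"},
                 "carol": {"UID_Department": "DEPT-HR"}}
    memberships = {("bob", "FIN-Resources"): {"direct"}}
    first = run_check(FINANCE_RULE, employees, memberships)
    employees["alice"]["UID_Department"] = "DEPT-HR"   # alice leaves finance
    employees["bob"]["UID_Department"] = "DEPT-HR"     # bob leaves too
    second = run_check(FINANCE_RULE, employees, memberships)
    return first, second, memberships

if __name__ == "__main__":
    print(demo())
```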


Assigning through IT Shop Requests


Assignment through the IT Shop is a special case of indirect assignment. Add employees to a shop as customers so that company resources can be assigned through IT Shop requests. All company resources assigned as products to this shop can be requested by the customers. Requested company resources are assigned to the employees after approval is granted. Role memberships can be requested through the IT Shop as well as company resources.

Figure 9: Assignment Schema through Requests

Basics for Calculating Inheritance


Objects assigned through inheritance are calculated by the DBQueue Processor. Tasks are added to the DBQueue when assignments relevant to inheritance are made. These tasks are processed by the DBQueue Processor and result in follow-on tasks for the DBQueue or in processes for the process component "HandleObjectComponent" in the Job queue. Resulting assignments of permissions to user accounts in the target system are inserted, modified or deleted during process handling.

Figure 10: Overview of Inheritance Calculation
