Chat now with support
Chat with Support

Identity Manager 8.0 - Identity Management Base Module Administration Guide

Basics for Mapping Company Structures in One Identity Manager Managing Departments, Cost Centers and Locations Working with Dynamic Roles Employee Administration
One Identity Manager Users for Employee Administration Basic Configuration Data for Employees Entering Employee Master Data Employee's Central User Account Employee's Central Password Employee's Default Email Address Disabling and Deleting Employees Assigning Company Resources to Employees Origin of an Employee's Roles and Entitlements Analyzing Role Memberships and Employee Assignments Mapping Multiple Employee Identities Limited Access to One Identity Manager Additional Tasks for Managing Employees Determining an Employee‘s Language Determining an Employee‘s Working Hours Employee Reports
Managing Devices and Workdesks Managing Resources Set up Extended Properties Appendix: Configuration Parameters for Managing Departments, Cost Centers and Locations Appendix: Configuration Parameters for Managing Applications Appendix: Configuration Parameters for Managing Devices and Workdesks Appendix: Authentication Modules for Logging into the One Identity Manager

Application Role Master Data

Application Role Master Data

If you add a new application role, you must fill out the compulsory fields.

Table 90: Application Role Properties



Application role

Application role name.

Internal name

Empty text field for a internal company identifier

Full name

Full name of application role. Is made up automatically from the application role name and the parent application role.

Parent application role

Application role to which the application role being edited is subordinate.

Department, location, cost center

Additional information for the application role definition. These input fields are only used for information. They do not indicate for which department, cost center or location the application roles are responsible.

Permissions group

Permissions group for determining write permissions on role-based login. The application role is given access permissions of the associated permissions group. If there is no permissions group assigned, the application role gets write permissions from the parent application role.

Administrators can assign the rest of the application roles to custom defined permissions groups. For more information, see Customized Extension of Application Role Write Permissions.

NOTE: Permissions groups for default administrator application roles for cannot be edited.


Spare text box for additional explanation.


Spare text box for additional explanation.

Certification status

Status of the application role's certification. You can select the following certification statuses:

  • New - The application role has been added to the One Identity Manager database.
  • Certified - The application role's master data has been granted approval by a manager.
  • Denied - The application role's master data has been denied approval by a manager.

Block inheritance

Specifies whether employees from parent application roles can also be determined as approvers for requests in the IT Shop that use the approval methods RD, RL, RO or RP. If this option is set, only employee that are assigned to exactly this application can be determined as approvers.

NOTE: This option available on compatibility grounds with older versions of the program. It is recommended that you set this option.

Dynamic roles not allowed

Specifies whether a dynamic role can be created for the application role.

Spare fields no. 01.....spare field no. 10

Additional company specific information. Use the Designer to customize display names, formats and templates for the input fields.

Related Documents