To obtain an overview of a customer node
Add the employee to the customer node who is authorized to make requests for the shop. You have two possible ways of doing this. Employee can be assigned to a customer node either directly or through a dynamic role.
|
IMPORTANT: If a shop contains a large number of customer, the calculations in the IT Shop can cause a heavy load on the DBQueue Processor and therefore on the database server as well.
Never assign more than 30 000 employees to a customer node! |
To assign employees directly to a< custom node
- OR -
Remove employees from Remove assignments.
If an employee is removed from a customer node, all pending requests for this employee are aborted.
Add the employee to the customer node who is authorized to make requests for the shop. You have two possible ways of doing this. Employee can be assigned to a customer node either directly or through a dynamic role.
|
NOTE: The task Create dynamic role is only available for customer nodes which do not have the option Dynamic roles not allowed set. |
|
IMPORTANT: If a shop contains a large number of customer, the calculations in the IT Shop can cause a heavy load on the DBQueue Processor and therefore on the database server as well.
Formulate the condition for the dynamic role so that no more than 30 00 employees are found. |
To create a dynamic role
To edit a dynamic role
For more detailed information about dynamic roles, see the One Identity Manager Identity Management Base Module Administration Guide. The following features apply to dynamic roles for customer nodes:
Property | Description |
---|---|
IT Shop Nodes | This data is initialized with selected customer nodes. If the employee objects meet the dynamic role conditions, they are added to this customer node. |
Object class | Employee |
Dynamic role | The dynamic role name is made up of the object class and the full name of the IT Shop node, by default. |
Calculation schedule |
Schedule for calculating dynamic roles. Employees with request permissions for the shop are determined regularly at the times specified in the schedule. The task "default schedule dynamic role check" is already defined in the standard version of the One Identity Manager. All dynamic role memberships are checked using this schedule and recalculation requests are sent to the DBQueue Processor if necessary. Use the Designer to customize schedules or set up new ones to meet your requirements. |
To delete a dynamic role
In order to delete IT Shop structures you have to remove all the child IT Shop structures. This applies to manually added IT Shop structures in the same way as it does for shelves and products created from shelf templates.
© 2023 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy