Chat now with support
Chat with Support

Identity Manager 8.0 - System Roles Administration Guide

Editing System Roles

Editing System Roles

To edit system roles

  1. Select the category Entitlements | System Roles.
  2. Select the resource in the result list. Select Change master data in the task view.

    - OR -

    Click in the result list toolbar.

  3. Edit the system role's master data.
  4. Save the changes.

Enter the following data for a system role.

Table 5: System Role Master Data

Property

Description

Display Name

Name for displaying the system roles in One Identity Manager tools.

System role

Unique identifier for the system role.

Internal product names

An additional internal name for the system role.

System role type

Specifies the type of company resources, which comprise the system role.

Service item

In order to use a service item within the IT Shop, assign a service item to it or add a new service item. For more information about service items, see the One Identity Manager IT Shop Administration Guide.

System role manager

You can assign any employee to be a manager for the system role. This employee can edit system role master data. They can be used as attestors for system role properties.

Share date

Specify a date for enabling the system role. If the date is in the future, the system role is considered to be disabled. If the date is reached, the system role is enabled. Employees inherit company resources that are assigned to the system role.

If the share date is exceeded or no date is entered, the system role is handled as an enabled system role. Company resource inheritance can be controlled with the option Disabled in these cases.

NOTE: Configure and set the schedule "Share system roles" in the Designer to check the share date. For more information about schedules, see the One Identity Manager Configuration Guide.

Risk index (calculated)

Maximum risk index values for all company resources. This property is only visible if the configuration parameter "QER\CalculateRiskIndex" is set. For more information about calculating risk indexes, see the One Identity Manager Risk Assessment Administration Guide.

Comment

Spare text box for additional explanation.

Remarks

Spare text box for additional explanation.

Description

Spare text box for additional explanation.

Disabled

Specifies whether employees inherit the company resources contained in the system role.

If the option is set, the system role can be assigned to employees. However they cannot inherit the company resources contained in the system role.

If the option is not set, the employees that are assigned the system role, immediately inherit company resources allocated to the system role.

If the option is enabled at a later date, existing assignments are removed.

IT Shop

Specifies whether the system role can be requested through the IT Shop. This system role can be requested by staff through the Web Portal and the request granted by a defined approval procedure. The system role can still be assigned directly to employees and hierarchical roles. For more information about the IT Shop, see the One Identity Manager IT Shop Administration Guide.

Only for use in IT Shop

Specifies whether the system role can only be requested through the IT Shop. This system role can be requested by staff through the Web Portal and the request granted by a defined approval procedure. The system role may not assigned directly to hierarchical roles.

Spare fields no. 01.....spare field no. 10

Additional company specific information. Use the Designer to customize display names, formats and templates for the input fields.

Assigning System Roles to Company Resources

Assigning System Roles to Company Resources

Assign the company resources you want to group together into one package, to the system role. When you assign system roles to employees and workdesks, the company resources are inherited by the employees and workdesks. The following table lists the company resources you can assign to system roles.

NOTE: Company resources with the option Only use in IT Shop can only be assigned to system roles that also have this option set.

Note: Company resources are defined in the One Identity Manager modules and are not available until the modules are installed.
Table 6: Possible Assignments of Company Resources to System Roles
Company Resource Available in Module
Resources always
Account definitions Target System Base Module
Groups of custom target systems Target System Base Module
Active Directory groups Active Directory Module
SharePoint groups SharePoint Module
SharePoint roles SharePoint Module
LDAP groups LDAP Module
Notes groups IBM Notes Module
SAP groups SAP R/3 User Management module Module
SAP profiles

SAP R/3 User Management module Module

SAP roles SAP R/3 User Management module Module
Structural profiles SAP R/3 Structural Profiles Add-on Module
BI analysis authorizations SAP R/3 Analysis Authorizations Add-on Module
E-Business Suite entitlements Oracle E-Business Suite Module
System roles System Roles Module
Subscribable reports Report Subscription Module
Applications Application Management Module

Azure Active Directory groups

Azure Active Directory Module

Azure Active Directory Administrator Roles

Azure Active Directory Module

G Suite groups

G Suite Module

G Suite products and SKUs

G Suite Module

To add company resources to a system role

  1. Select the category Entitlements | System Roles.
  2. Select the system role in the result list.
  3. Select the task to assign the corresponding company resource.
  4. Assign company resources in Add assignments.

    - OR -

    Remove company resource in Remove assignments.

  5. Save the changes.

Assigning System Roles to Workdesks and Employees

Assigning System Roles to Workdesks and Employees

You can assign system roles directly or indirectly to employees or workdesks. In the case of indirect assignment, employees (workdesks) and system roles are grouped into hierarchical roles. The number of system roles is calculated from the position in the hierarchy and the direction of inheritance assigned to an employee (or workdesk).

Prerequisites for indirect assignment to employees
  • Assignment of employees and system roles is permitted for role classes (department, cost center, location or business role).
Prerequisites for indirect assignment to workdesks
  • Assignment of workdesks and system roles is permitted for role classes (department, cost center, location or business role).

Add employees to a shop as customers so that system roles can be assigned through IT Shop requests. All system roles assigned as product to this shop can be requested by the customers. Requested system roles are assigned to the employees after approval is granted.

Note: The company resources are not inherited if the system role is disabled or if the share date is still in the future.
Detailed information about this topic
Related Topics

Assigning System Roles to Departments, Cost Centers and Locations

Assigning System Roles to Departments, Cost Centers and Locations

Assign the system role to departments, cost centers and locations for it to be assigned to employees and workdesks through these organizations.

To assign a system role to departments, cost centers and locations

  1. Select the category Entitlements | System Roles.
  2. Select the system role in the result list.
  3. Select Assign organizations.
  4. Assign organizations in Add assignments.

    • Assign departments on the Departments tab.
    • Assign locations on the Locations tab.
    • Assign cost centers on the Cost center tab.

    - OR -

    Remove the organizations from Remove assignments.

  5. Save the changes.
Related Topics
Related Documents