Identity Manager 8.0 - Web Portal User Guide

Deleting Entitlements

In the Entitlements view of a responsibility you can delete entitlements in the same way.

To delete an entitlement

1. Perform one of the following tasks.
   1. Open the Business Roles menu and select a business role.
   2. Open the System Roles menu and select a system role.
   3. Open the Department menu and select a department.
   4. Open the Cost Center menu and select a cost center.
   5. Open the Location menu and select a location.
   6. Open the Resources menu and select a resource.
   7. Open the Assignment resources menu and select an assignment resource.
   8. Open the Multi-requestable/unsubscribable resources menu and select a resource.

1. Select Entitlements and click Remove.

Splitting a Role

The original idea behind splitting a role is to take assignments from role A and transfer them to role B. An example of role splitting could be, if memberships assigned to role B have less entitlements as memberships assigned to role A.

By splitting role A assigned memberships and individual entitlements of role A can be retained, moved or copied to role B.

Any combination of role types is allowed.

To split a role

1. Perform one of the following tasks.
   1. Open the Business Roles menu and select a business role.
   2. Open the System Roles menu and select a system role.
   3. Open the Department menu and select a department.
   4. Open the Cost Center menu and select a cost center.
   5. Open the Location menu and select a location.
2. Select Split.

   This opens a dialog box. The New role data view is shown.

3. Configure the following in the New role data view and click Next.

   Fields marked with * are compulsory.

   Table 57: Settings in the view "New role data"

   Role type	Setting	Description
   All	Type of the new role	Menu for selecting a type for the new role. The following object types are available in the Web Portal.
   All	Department / Business role / Cost center / Location *	Text box for the new role's name. A name must be entered for every role type.
   All	Short name	Text box for entering a short name for the role. This is compulsory (*) for the role type 'cost center'.
   Department	Object ID	Text box for an object ID for the new role.
   Location / business role	Location	Text box for entering a location.
   Business role	Internal name	Text box for an internal name for the business role.
   Location	Name	Text box for entering the location's name.
   Department / Business role / Cost center / Location	Manager	Control for selecting a manager.
   Department	Deputy Manager	Control for selecting a deputy manager.
   Business role	Role class *	Role class menu.
   Business role / Cost center / Location *	Deputy manager	Control for selecting a deputy manager. The option Employees do not inherit is also available.
   Department	Parent department / Attestor / Cost center / Role approver / Role approver (IT)	Controls for selecting the respective settings.
   Business role	Parent business role / Role type / Role approver / Role approver (IT)	Controls for selecting the respective settings.
   Cost center	Parent cost center / Attestor / Department / Role approver / Role approver (IT)	Controls for selecting the respective settings.
   Location	Parent location / Attestor / Department / Cost center /Role approver / Role approver (IT)	Controls for selecting the respective settings.
   All	Description	Text box for more detailed description.
   Business role	Comment	Text box for additional comments.

   After clicking Next, the Splitting view is opens. The view is divided in to the sections No change, Copy to new role and Move to new role, which a differentiated by color.

   All memberships assigned to role A are listed in Copy to new role. Assigned members are copied to the new role by default. This means, they are contained in role A and in role B after splitting.

   However, You can copy or move these members to the new role or retain them. The following edit options are available. Edit option also apply to assigned entitlements.

   Table 58: Assignment Edit Options and Effects on Role A and Role B

   Section	Action	Significance
   No change / Copy to new role / Move to new role	Retain assignment	The entitlement / membership remains in role A.
   	Retain and copy to new role.	The entitlement / membership is copied to role B. It is now in role A and in role B.
   	Move to new role	The entitlement / membership is moved to role B. It is now in role B but not in role A.

4. Configure the assigned memberships and entitlements by navigating to an object, an employee in Copy to new role, for example, and clicking .
5. Select one of the following actions from the menu and click Next.
   1. Keep this assignment
   2. Keep and copy to new role.
   3. Move to the new role

   This opens the Verify view and lists the actions.

6. You can deselect individual actions if you do not want to run them all. Click Next.

   Save changes to the script. This opens the Results view.

7. Close the dialog box.

Compare and Merge

You can compare and merge any combination of role types. For example, you can compare the properties of a business role and a department, take the properties you want from them and merge them. This function is available in the My Responsibilities menu for your responsibilities.

To compare and merge roles

1. Perform one of the following tasks.
   1. Open the Business Roles menu and select a business role.
   2. Open the System Roles menu and select a system role.
   3. Open the Department menu and select a department.
   4. Open the Cost Center menu and select a cost center.
   5. Open the Location menu and select a location.
2. Select Compare and merge.

   This opens a dialog box. the view Select a comparison role.

3. Select a second role in the Compare and merge view using Assign next to Object type.

   NOTE: If a role is already selected, user Change to edit the selection.

   Memberships and entitlements of the selected roles containing the following information are listed:

   Table 59: Overview of the selected roles' assignments

   Column	Description
   Object	Display name of the assigned entitlement or membership, which occurs in one of the selected roles.
   Type	Type of the entitlement or membership.
   Name of the source role	Assignment type if the entitlement or membership. The following assignment types are available. Direct Inherited Requested Dynamic Not assigned For more detailed information about "Basics for Assigning Company Resources", see the One Identity Manager Identity Management Base Module Administration Guide.
   Name of the second role	See "Name of the source role".
   Comparison	Name of the role with this assignment.

4. View the assignments of both roles and click Merge the selected roles.

   NOTE: Use the filter function, which is available on nearly every column, to make the list of assignments clearer. For more information, see Filter.

   The Verify view is active. This lists the actions that need to run to merge the roles.

5. Verify the suggested changes and enable/disable the actions, which should be either taken or not taken into account when the roles are merged. Click Next.

   Save changes to the script. This opens the Results view.

6. Close the dialog box Compare and Merge dialog box.

   If you have transferred all the properties of the second role by merging, this role is removed from the overview.

Restoring to a Historical Status

In the History view you can roll back the current state of a business role to a state it has had in the past. In the process, you decide yourself which attributes to change. After selecting the business role, all attributes are displayed. These attributes can all be rolled back, with a few exceptions, to a historical state.

In the following table, reasons are listed that prevent roll back to a historical state.

To roll back the state of a business role to a historical state

1. Open the Business Roles menu and select a business role.
2. Select the Status comparison view under History.
3. Use and to set the date and time.

   All the attributes for this business role are displayed in a list. These include business role properties, memberships, actions, amongst others. By default, all attributes are selected.

   NOTE: If you cannot select an attribute, the check box is not set.

4. Disable the Roll back check box and set each attribute you want to roll back, separately.
5. Confirm with Roll back changes.

   The selected attributes are displayed in the Roll back changes dialog box. You can still change your choice by disabling enabled attributes.

   There are other actions available in the context menu View settings, which are listed in the following table.

   Table 61: Entries in the Menu "View Settings"

   Menu Item	Description
   Reset view	Sets the view back to default after you have, for example, applied a filter.
   Save current view	Save the current view to using with filters, for example.
   Reload data	Reloads the data.

6. Roll the selected business role attributes back to their historical state with Roll back.