Chat now with support
Chat with Support

Identity Manager 8.1.2 - Authorization and Authentication Guide

About this guide One Identity Manager application roles Granting One Identity Manager schema permissions through permissions groups Managing permissions to program features One Identity Manager authentication modules OAuth 2.0 / OpenID Connect configuration Multi-factor authentication in One Identity Manager Granulated permissions for the SQL Server and database

Which employees use the system user?

Employees obtain a system user direct through their master data or dynamically through their One Identity Manager applications roles.

To display which employees are assigned to a system user

  1. In the Designer, select the Permissions | System user category.
  2. Select a system user and start the User & Permissions Group Editor with the Edit system user task.
  3. Select the View | One Identity Manager employees menu item.

    NOTE: You cannot change the assignments in this view.

Deleting dynamic system users

NOTE: If no role-based logins of employees who use dynamic system users are performed for some time, you should delete the dynamic system users for performance reasons. A new dynamic system user is created during the next role-based employee login.

To delete system users

  • In the Designer, enable the Common | DynamicUserLifetime configuration parameter and enter the maximum retention period in days for dynamic system users.

    If the configuration parameter is set, dynamic system users, whose retention period has expired, are deleted from the database as part of the daily maintenance tasks.

Editing table permissions and column permissions

In the Designer, you can edit permissions using the Permissions Editor. You can also simulate the permissions for the individual system users in the Permissions Editor.

With the Permissions Editor, you can:

  • Assign permissions for custom tables and columns to custom permissions groups

  • Assign permissions for predefined tables and columns in the One Identity Manager schema to custom permissions groups

  • Assign permissions for custom tables and columns to predefined permissions groups

The permissions for predefined permission groups to predefined tables and columns in the One Identity Manager schema cannot be changed.

For custom schema extensions, use the Schema Extension program, specify a permissions group with read and write permissions as well as a permissions group with read permissions only. This make initial access to the schema extensions possible with One Identity Manager administration tools.

Detailed information about this topic

Displaying the permissions of a permissions group

To display all permissions for a permission group

  1. In the Designer, select the Permissions category.
  2. Start the Permissions Editor using the Edit permissions task.
  3. In the Permissions Editor toolbar in the Permissions group menu, select the permissions group for which you want to display permissions.

    The tables and columns of the One Identity Manager schema and the permissions of the selected permissions group are displayed in the upper area of Permissions Editor. Use the following Permissions Editor options to adjust the layout.

    • To display tables with permissions first, enable the Options | Permissions sort order menu.
    • To display disabled tables and columns, enable the Options | Show disabled tables menu.
    • To use the display names of the tables and columns, enable the Options | Display name menu.
    • To limit the display of the tables, use the Show system tables, Show non-system tables, and Show all tables menu items in the Options menu. Alternatively, use the Define filter or Manage filters menu items to define your own user-defined filters for displaying the tables and columns.

      For detailed information about creating user-defined filters in the Designer, see the One Identity Manager User Guide for One Identity Manager Tools User Interface.

Related Documents