Chat now with support
Chat with Support

Identity Manager 8.1.2 - Business Roles Administration Guide

Managing business roles
One Identity Manager users for business roles Hierarchical role structure basic principles Basic principles for assigning company resources Basic principles for calculating inheritance Preparing business roles for company resource assignments Basic data for structuring business roles Editing business roles Assigning employees, devices and workdesks to business roles Assigning business roles to company resources Analyzing role memberships and employee assignments Setting up IT operating data Additional tasks for managing business roles Reports about business roles
Role mining in One Identity Manager

Modify IT operating data

If IT operating data changes, you must transfer the changes to the existing user accounts. To do this, templates must be rerun on the affected columns. Before you can run the templates, you can check what effect a change to the IT operating data has on the existing user accounts. You can decide whether the change is transferred to the One Identity Manager database in the case of each affected column in each affected database.

  • The IT operating data of a business role have been changed.

    - OR -

  • The default values in the IT operating data template were modified for an account definition.

NOTE: If the assignment of an employee to a primary business role changes, the templates are automatically executed.

To execute the template

  1. In the Manager, select the <target system type> | Basic configuration data | Account definitions | Account definitions category.

  2. Select an account definition in the result list.

  3. Select the Execute templates task.

    This displays a list of all user account, which are created through the selected account definition and whose properties are changed by modifying the IT operating data.

    Old value: Current value of the object property.
    New value: Value that the object property would have following modification of the IT operating data.
    Selection: Specifies whether the modification shall be adopted for the user account.
  4. Mark all the object properties in the selection column that will be given the new value.

  5. Click Apply.

    The templates are applied to all selected user accounts and properties.

Additional tasks for managing business roles

After you have entered the master data, you can run the following tasks. You can find the most important information on the overview form.

Creating dynamic roles

Use this task to define dynamic roles for individual business roles. Dynamic roles are used to specify role memberships dynamically. Employees, devices, and workdesks are not permanently assigned to a role, just when they fulfill certain conditions. A check is performed regularly to assess which employees (devices or workdesks) fulfill these conditions. The means the role memberships change dynamically. For example, company resources can be assigned dynamically to all employees in a business role in this way; if an employee leaves the department they immediately lose the resources assigned to them.

Dynamic roles always relate to the secondary role assignment of an employee object. Therefore secondary assignment of employees, devices and workdesks to role classes must be permitted. If necessary, further configuration settings need to be made. For more information, see Permitting assignments of employees, devices, workdesks, and company resources.

NOTE:Create dynamic role is only available for business roles that do not have Dynamic roles not allowed set.

To create a dynamic role

  1. Select the category Business roles | <Role class>.
  2. Select a business role in the result list.
  3. Select Create dynamic role in the task view.
  4. Enter the required master data.
  5. Save the changes.

To edit a dynamic role

  1. Select Business roles | <Role class> | Dynamic roles.
  2. Select a business role in the result list.
  3. Open the business role's overview form.
  4. Select the form element Dynamic roles and click on the dynamic role.
  5. Select Change master data.
  6. Edit the dynamic role's master data.
  7. Save the changes.

For more detailed information about creating and editing dynamic roles, see the One Identity Manager Identity Management Base Module Administration Guide.

Related topics

Assigning organizations

Use this task to map which relations exist between business roles and departments, cost centers and locations. This task has the same effect as assigning a department, cost center, or location on the business role master data form. The assignment is entered in the respective foreign key column in the base table.

To assign a department, cost center, or location to business roles

  1. Select Organizations | Departments, Organizations | Cost centers, or Organizations | Locations.
  2. Select the role in the result list.
  3. Select Assign employees.
  4. Assign business roles in Add assignments.

    The selected role is assigned to all business roles as department, cost center or location.

    - OR -

    Remove the business roles in Remove assignments.

  5. Save the changes.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating