Chat now with support
Chat with Support

We are currently experiencing an our phone support and are working diligently to restore services. For support, please sign in and create a case or email supportadmin@quest.com for assistance

Identity Manager 8.1.4 - Authorization and Authentication Guide

About this guide One Identity Manager application roles Granting One Identity Manager schema permissions through permissions groups Managing permissions to program features One Identity Manager authentication modules OAuth 2.0 / OpenID Connect configuration Multi-factor authentication in One Identity Manager Granulated permissions for the SQL Server and database

Displaying permissions for tables

In the Summary of all permissions view in the Permissions Editor, the permissions groups that have permissions for a table or column are displayed. The permissions in this view cannot be edited.

NOTE: To display the Summary of all permissions view, go to the Permissions Editor and enable View | Object permissions. The view is displayed in the lower area of the Permissions Editor.

To display all permissions for a table and its columns

  1. In the Designer, select the table in the Permissions | By tables category.
  2. Start the Permissions Editor using the Edit permissions for table task.

    The Summary of all permissions view displays the permissions groups that have permissions for the selected table.

    TIP: To display a permissions filter completely, click a condition in the view.

  3. (Optional) To display all permissions for a column, open the table entry in the upper area of Permissions Editor and select a column.

    The Summary of all permissions view displays the permissions groups that have permissions for the selected column.

Editing table properties

Use the table permissions to grant the permissions to display, insert, edit, and delete the objects. You can define conditions to further limit the permissions for the objects. You can use the conditions, for example, to link the editability of the employees to their last names. For instance, a user can be given read access only to the employees whose last names begin with A-F, whereas he/she can edit employees with last names beginning with G-Z.

NOTE: The permissions are always edited in the Permissions Editor for the permissions group that you selected in the Permissions Editor toolbar in the Permissions group menu. If you wish to grant permissions for another permissions group, first select this permissions group in the menu and then edit the permissions.

To edit the permissions for a table for a permissions group

  1. In the Designer, select the Permissions category.
  2. Start the Permissions Editor using the Edit permissions task.
  3. In the Permissions Editor toolbar in the Permissions group menu, select the permissions group for which you want to grant the permissions.
  4. Select the table at the top of the Permissions Editor.

    TIP: Use Shift + select or Ctrl + select to select multiple tables.

  5. Edit the permissions for the permissions group in the Permissions area.

    • To insert new permissions, select the New context menu and enable the associated check boxes. You can grant the following permissions.

      Table 22: Table permissions
      Permissions Meaning
      Viewable

      The table data is displayed.

      Insertable

      New data can be added to the table.

      Editable

      Table data can be edited.

      Deletable

      Table data can be deleted.

      NOTE: If you grant the Insertable, Editable, or Deletable permissions, the Viewable permission is also granted.

    • To withdraw a permission, disable the associated checkbox.
    • Use the Delete context menu, to withdraw all permissions for a table.
  6. (Optional) To specify other conditions for table permissions, go to the lower part of the Permissions Editor and change to the Group permissions for table view and select the Permissions filter tab.

    NOTE: You can only define permissions filters for the tables of the application data model.

    • Enter the conditions as valid WHERE clauses for database queries. You can enter the following permissions filters.

      Table 23: Permissions filter
      Permissions filter Meaning
      Viewing Condition Limiting condition for displaying data sets.
      Edit condition Limiting condition for editing data sets.
      Insert condition Limiting condition for inserting data sets.
      Deletion condition Limiting condition for deleting data sets.
      Example for permissions filters

      A user should be able to see all employees, but only edit the employees whose last names begin with B. Specify the limiting edit condition as follows, for example:

      Lastname like 'B%'

      TIP: Use the SQL check button to test the condition. This checks the syntax. The number of objects that match the condition is returned.

Related topics

Editing column permissions

IMPORTANT:

  • If you grant permissions to columns, you must also grant the permissions to the tables. For example, a column is only viewable if the table is also viewable.

  • To insert objects into a table, the Insert permissions is required for at least the required fields in the table.

  • NOTE: If you grant the Insert or Edit permissions, the View permission is also granted.

  • Use the column definition to conditionally remove viewing permissions from scripts or create edit permissions for a column. If the return value is False, the permissions are removed. For more information about editing column definitions, see the One Identity Manager Configuration Guide.

NOTE: The permissions are always edited in the Permissions Editor for the permissions group that you selected in the Permissions Editor toolbar in the Permissions group menu. If you wish to grant permissions for another permissions group, first select this permissions group in the menu and then edit the permissions.

To modify the permissions for a column for a permissions group

  1. In the Designer, select the Permissions category.
  2. Start the Permissions Editor using the Edit permissions task.
  3. In the Permissions Editor toolbar in the Permissions group menu, select the permissions group for which you want to grant the permissions.
  4. Select the table at the top of the Permissions Editor and select the column.

    TIP: Use Shift + select or Ctrl + select to select multiple columns.

  5. Edit the permissions for the permissions group in the Permissions area.

    • To insert new permissions, select the New context menu and enable the associated check boxes. You can grant the following permissions.

      Table 24: Column permissions
      Permissions Meaning
      Viewable The column is displayed.
      Editable The values in the columns can be changed
      Insertable

      The value in the column can be edited when a new data record. Once the data record has been saved it can no longer be edited.

      For example, when an Active Directory User is created, an Active Directory container is defined. Because this is a key field the Active Directory container cannot be changed after the object has been saved.

    • To withdraw a permission, disable the associated checkbox.
    • To withdraw all permissions for a column, use the Delete context menu.
Related topics

Copying table permissions and column permissions

To transfer the permissions of a permissions group quickly from one table to another table, you can copy the table permissions and column permissions. Two methods are provided in the Permissions Editor to do this:

  • Copy and Insert: This methods copies the permissions of the source table (source column) to a permissions group. The permissions are copied for the permissions group that you selected in the Permissions Editor toolbar in the Permissions group menu.

    All copied permissions are inserted for the target table (target column). Any existing rights for the target table (target column) remain unaffected.

  • Copy all permissions and Paste all permissions: This method copies all source table (source column) permissions. The initial selection of the permissions group in the Permissions Editor makes no difference here. All permissions from all permissions groups for the source table (source column) are applied.

    All copied permissions are inserted for the target table (target column). Existing permissions for target table (target column) that do not exist for the source table (source column) are removed from the target table (target column).

To copy the permissions of a permissions group

  1. In the Designer, select the Permissions category.
  2. Start the Permissions Editor using the Edit permissions task.
  3. In the Permissions Editor toolbar in the Permissions group menu, select the permissions group for which you want to grant the permissions.
  4. To transfer the table permissions.

    1. Select the table at the top of the Permissions Editor from which you want to transfer the permissions.
    2. Use the Copy context menu to copy the permissions to the buffer.
    3. Select the table at the top of the Permissions Editor for which you want to transfer the permissions.
    4. Use the Insert context menu to insert the permissions.
    5. If necessary, repeat step c) and d) for other tables.
  5. To transfer the column permissions

    1. Select the table at the top of the Permissions Editor and select the column from which you want to transfer permissions.
    2. Use the Copy context menu to copy the permissions.
    3. Select the table at the top of the Permissions Editor and select the column for which you want to copy permissions.
    4. Use the Insert context menu to insert the permissions.
    5. If necessary, repeat step c) and d) for other columns.
Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating