
Identity Manager 8.1.4 - Authorization and Authentication Guide


Simulating permissions for system users

By simulating the permissions in the Permissions Editor, you can see which permissions a system user has based on his or her permissions group. You can specify which permissions groups of a system user to include in the simulation. The result displayed shows which of the selected permissions groups has which table permissions and column permissions. Effective permissions for the system user are also displayed.

NOTE: Simulation mode remains active until you end it. In simulation mode, you can edit permissions group permissions and update simulation data.

To run a permissions simulation

  1. In the Designer, select the Permissions category.
  2. Start the Permissions Editor using the Edit permissions task.
  3. From the Simulation | Start simulation menu, start the simulation wizard.
  4. On the start page of the wizard, click Next.
  5. On the Simulation base configuration page, select the following data.
    • User: Select the system user whose permissions you want to simulate.
    • Direct groups: Use this button to select all permissions groups that are directly assigned to the system user.
    • All groups: Use this button to select all permissions groups that are directly assigned to the system user as well as all permissions groups that the system user inherits indirectly.
    • Permissions groups: Select individual permissions groups directly. Use Ctrl + select to select multiple permissions groups.
  6. On the Simulation configuration page, specify the tables for which the permissions are simulated.

    • In the Selected tables pane, all tables of the One Identity Manager schema are selected. If necessary, limit the selection to individual tables. Click None to undo the selection. Use Shift + select to select individual tables.
    • Using the Context table menu, you can specify a table whose foreign key columns are evaluated; the simulation then also shows the implicit permissions that result for the display values of the referenced tables.

      Example

      For the Employee table, viewing permissions on the UID_Org column have been assigned. As a result, viewing permissions are implicitly granted on the columns of the Org table that are used in its display template, for example, Org.Ident_Org.

      To simulate this example, select the Employee table under Context table and the Org table under Selected tables.

  7. The processing progress of the simulation is displayed on the Simulation page. The simulation process can take some time.

  8. To end the wizard, click Finish on the last page.

    After you complete the simulation wizard, the system user's effective table permissions and column permissions are displayed in the upper area of the Permissions Editor in the Simulation area.

  9. To determine which table permission or column permission results from which of the system user's permissions groups, select the table or column in the upper area of the Permissions Editor.

    The permissions and permissions groups are displayed in the Permissions simulation view in the lower area of Permissions Editor.

  10. To end the simulation mode, select the Simulation | End simulation menu.

    The simulation data is deleted and the Permissions simulation view is closed.
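The following is an added, constructed model of what the simulation computes; it is not One Identity Manager code and the data model (a group hierarchy with parents, permission strings such as "view" and "edit", and a foreign key table that records display-template columns) is an assumption made for illustration. It reproduces the three inputs of the wizard (direct versus all groups, the selected tables, and the context table) and shows how the Employee/Org example above yields an implicit viewing permission on Org.Ident_Org, together with the group that each effective permission comes from.

```python
"""Toy model of a permissions simulation (constructed example, not product code):
which effective table and column permissions a system user gets from a chosen
set of permissions groups, and which implicit view permissions fall out of
foreign-key display templates when a context table is chosen."""

from collections import defaultdict
from dataclasses import dataclass


@dataclass
class PermissionsGroup:
    name: str
    table_perms: dict    # table -> permissions on the whole table, e.g. {"view", "edit"}
    column_perms: dict   # (table, column) -> permissions on that column
    parents: tuple = ()  # groups inherited by this group (assumed hierarchy)


@dataclass
class SystemUser:
    name: str
    direct_groups: tuple  # names of directly assigned permissions groups


def resolve_groups(user, registry, include_inherited):
    """'Direct groups' (include_inherited=False) or 'All groups' (True) of the wizard."""
    selected = set(user.direct_groups)
    if include_inherited:
        stack = list(selected)
        while stack:
            for parent in registry[stack.pop()].parents:
                if parent not in selected:
                    selected.add(parent)
                    stack.append(parent)
    return selected


def viewers_of(group_names, registry, table, col):
    """Groups that can view a column, either explicitly or via table-level view."""
    out = set()
    for name in group_names:
        g = registry[name]
        if "view" in g.table_perms.get(table, set()) or \
           "view" in g.column_perms.get((table, col), set()):
            out.add(name)
    return out


def simulate(group_names, registry, selected_tables, foreign_keys, context_table=None):
    """Break down table, column and implicit permissions by originating group."""
    tables = defaultdict(lambda: defaultdict(set))   # table -> perm -> {group}
    columns = defaultdict(lambda: defaultdict(set))  # (table, col) -> perm -> {group}
    for name in group_names:
        group = registry[name]
        for table, perms in group.table_perms.items():
            if table in selected_tables:
                for p in perms:
                    tables[table][p].add(name)
        for (table, col), perms in group.column_perms.items():
            if table in selected_tables:
                for p in perms:
                    columns[(table, col)][p].add(name)
    implicit = defaultdict(set)  # (referenced table, display column) -> {group}
    if context_table is not None:
        for (table, col), (ref_table, display_cols) in foreign_keys.items():
            if table != context_table or ref_table not in selected_tables:
                continue
            # view on the FK column implies view on the referenced table's display columns
            viewers = viewers_of(group_names, registry, table, col)
            if viewers:
                for dcol in display_cols:
                    implicit[(ref_table, dcol)] |= viewers
    return {
        "tables": {t: dict(p) for t, p in tables.items()},
        "columns": {c: dict(p) for c, p in columns.items()},
        "implicit": dict(implicit),
    }


def effective_permissions(sim):
    """Collapse the per-group breakdown into the permissions the user ends up with."""
    eff = {}
    for table, perms in sim["tables"].items():
        eff[table] = set(perms)
    for col, perms in sim["columns"].items():
        eff[col] = set(perms)
    for col in sim["implicit"]:
        eff.setdefault(col, set()).add("view")
    return eff


# Constructed sample data mirroring the Employee/Org example in the guide.
REGISTRY = {
    "Viewer": PermissionsGroup("Viewer", table_perms={}, column_perms={
        ("Employee", "UID_Org"): {"view"},
        ("Employee", "FirstName"): {"view"},
        ("Org", "Ident_Org"): {"view"},
    }),
    "OrgAdmin": PermissionsGroup("OrgAdmin", table_perms={"Org": {"view", "edit"}},
                                 column_perms={}, parents=("Viewer",)),
}
ALICE = SystemUser("alice", direct_groups=("OrgAdmin",))
# FK column -> (referenced table, columns used in its display template)
FOREIGN_KEYS = {("Employee", "UID_Org"): ("Org", ("Ident_Org",))}

if __name__ == "__main__":
    groups = resolve_groups(ALICE, REGISTRY, include_inherited=True)
    result = simulate(groups, REGISTRY, {"Org"}, FOREIGN_KEYS, context_table="Employee")
    for key, value in result.items():
        print(key, value)
    print("effective:", effective_permissions(result))
```

Running it with "All groups" shows the implicit view on ("Org", "Ident_Org") attributed to Viewer, the group that holds the view permission on Employee.UID_Org; re-running with "Direct groups" only (OrgAdmin) drops both that implicit entry and the explicit column permission, which is exactly the difference the wizard's two group-selection buttons make visible.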

Displaying permissions for objects

You can display object properties and permissions in One Identity Manager tools.

To show extended object properties

  • Select the object and open the Properties context menu.

On General, you can see the object's general properties, for example, ID, status, or primary key.

All the object columns are displayed in a grid on Properties with their values. You can choose between a simple column view and the advanced view with additional data for column definitions.

Table 25: Icons used for column properties
Icon      Meaning
(icon)    Required field.
(icon)    No viewing permissions.
(icon)    No edit permissions.

On Access permissions, you can see which permissions are valid for an object based on permissions groups. The first entry shows the basic permissions for the table. The permissions for this particular object are displayed beneath that. The other entries show the column permissions.

TIP: Double-click the table entry, the object entry, or a column entry to display the permissions group from which the permissions were determined.

Table 26: Icons used for permissions
Icon      Meaning
(icon)    Permissions exist.
(icon)    Permissions have been removed by the object layer.
(icon)    Permissions limited by conditions.

Displaying permissions for the current user

To get more information about the current user

  • To display additional user information, double-click the icon in the status bar.

Table 27: Extra information about the current user
Property                  Meaning
System user               Name of the system user.
Authenticated by          Name of the authentication module used for logging in.
Employee UID (UserUID)    Unique ID of the current user's employee if an employee-related authentication module is used to log in.
SQL access level          Access level of the database server used to log in.
Read-only                 The system user has read permissions only. Data cannot be modified.
Dynamic user              The current user uses a dynamic system user. Dynamic system users are applied when a role-based authentication module is used.
Remarks                   More details about the system user in use.
Permissions groups        Permissions groups that are assigned to the system user. Which user interface and editing permissions apply depends on the permissions groups.
Program functions         Program functions assigned to the system user. The menu items and functions available depend on the program functions.

Assigning permissions groups to applications

If you assign a permissions group to an application, the permissions of the group apply only to this application. When a user logs on to the application, they receive the permissions of the permissions group in addition to their own permissions.

To assign a permissions group to an application

  1. In the Designer, select the Permissions | Permissions groups | Role based permissions groups category.

  2. Select the View | Select table relations menu item and enable the DialogGroupInProductLimited table.

  3. In the List Editor, select the permissions group.

  4. Assign the application in the Applications edit view.

For detailed information about applications in One Identity Manager, see the One Identity Manager Configuration Guide.
