Chat now with support
Chat with Support

Identity Manager 8.1.4 - Authorization and Authentication Guide

About this guide One Identity Manager application roles Granting One Identity Manager schema permissions through permissions groups Managing permissions to program features One Identity Manager authentication modules OAuth 2.0 / OpenID Connect configuration Multi-factor authentication in One Identity Manager Granulated permissions for the SQL Server and database

Compliance and security officer

NOTE: This application role is available if Attestation Module, Compliance Rules Module, or Company Policies Module is installed.

Compliance and security officers must be assigned to the Identity & Access Governance | Compliance & Security Officer application role.

Users with this application role:

  • View all compliance relevant information and other analysis in the Web Portal. This includes attestation policies, company policies and policy violations, compliance rules, and rule violations and risk index functions.
  • Edit attestation polices.

Auditors

NOTE: This application role is available if Attestation Module, Compliance Rules Module or Company Policies Module is installed.

Auditors are assigned to the Identity & Access Governance | Auditors application role.

Users with this application role:

  • See the Web Portal all the relevant data for an audit.

Application roles for identity audit

NOTE: This application role is available if the Compliance Rules Module is installed.

The following application roles are available for managing compliance rule:

Table 2: Application roles for identity audit
Application role Description

Administrators

Administrators must be assigned to the Identity & Access Governance | Identity Audit | Administrators application role.

Users with this application role:

  • Enter base data for setting up company policies.
  • Create compliance rules and assign rule supervisors to them.
  • Can start rule checking and view rule violations as required.
  • Create reports about rule violations.
  • Enter mitigating controls.
  • Create and edit risk index functions.
  • Monitor Identity Audit functions.
  • Administer application roles for rule supervisors, exception approvers and attestors.
  • Set up other application roles as required.

Rule supervisors

 

Rule supervisors must be assigned to the Identity & Access Governance | Identity Audit | Rule supervisors application role or a child application role.

Users with this application role:

  • Are responsible for compliance rule content, for example, an auditor or a auditing department.
  • Edit the compliance rule working copies, which are assigned to the application role.
  • Enable and disable compliance rules.
  • Can start rule checking and view rule violations as required.
  • Assign mitigating controls.

Exception approvers

 

Administrators must be assigned to the Identity & Access Governance | Identity Audit | Exception approvers application role or a child application role.

Users with this application role:

  • Edit rule violations in the Web Portal.
  • Can grant exception approval or revoke it in the Web Portal.

Attestors

 

Attestors must be assigned to the Identity & Access Governance | Identity Audit | Attestors application role.

Users with this application role:

  • Attest compliance rules and exception approvals in the Web Portal for which they are responsible.
  • Can view master data for these compliance rules but not edit them.
NOTE: This application role is available if the module Attestation Module is installed.

Maintain SAP Functions

Administrators must be assigned to the Identity & Access Governance | Identity Audit | Maintain SAP functions application role or a child application role.

Users with this application role:

  • Are responsible for SAP function contents.
  • Edit working copies of function definitions for which they are responsible.
  • Define function instances and variables sets for SAP functions.
  • Assign mitigating controls.
NOTE: This application role is available if the module SAP R/3 Compliance Add-on Module is installed.

Application roles for company policies

NOTE: This application role is available if the Company Policies Module is installed.

The following application roles are available for managing company policies:

Table 3: Application roles for company policies
Application role Description

Administrators

 

Administrators must be assigned to the Identity & Access Governance | Company policies | Administrators application role.

Users with this application role:

  • Enter base data for setting up company policies.
  • Set up policies and assign policy supervisors to them.
  • Can calculation policies and view policy violations if required.
  • Set up reports about policy violations.
  • Enter mitigating controls.
  • Create and edit risk index functions.
  • Administer application roles for policy supervisors, exception approvers and attestors.
  • Set up other application roles as required.

Policy supervisors

 

Policy supervisors must be assigned to the Identity & Access Governance | Company policies | Policy supervisors application role or another child application role.

Users with this application role:

  • Are responsible for the contents of company policies.
  • Edit working copies of company policies.
  • Enable and disable company policies.
  • Can calculation policies and view policy violations if required.
  • Assign mitigating controls.

Exception approvers

 

Exception approvers must be assigned to the Identity & Access Governance | Company policies | Exception approvers application role or a child application role.

Users with this application role:

  • Edit policy violations.
  • Can grant exception approval or revoke it.

Attestors

 

Attestors must be assigned to the Identity & Access Governance | Company policies | Attestors application role.

Users with this application role:

  • Attest company policies and exception approvals in the Web Portal for which they are responsible.
  • Can view the master data for these company policies but not edit them.
NOTE: This application role is available if the module Attestation Module is installed.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating