Application roles for Universal Cloud Interface
NOTE: Application roles are available if the Universal Cloud Interface Module is installed.
The following application roles are available for managing cloud systems.
Table 11: Application roles for Universal Cloud Interface
Cloud administrators
Administrators must be assigned to the Universal Cloud Interface | Administrators application role or a child application role.
Users with this application role:
- Manage application roles for the Universal Cloud Interface.
- Set up other application roles as required.
- Configure synchronization in the Synchronization Editor and define the mapping for comparing cloud applications and One Identity Manager.
- Edit cloud applications in the Manager.
- Edit pending, manual provisioning processes in the Web Portal and obtain statistics.
- Obtain information about the cloud objects in the Web Portal and the Manager.
Cloud operators
Operators must be assigned to the Universal Cloud Interface | Operators application role or a child application role.
Users with this application role:
- Edit pending, manual provisioning processes in the Web Portal and obtain statistics.
Cloud auditors
Auditors must be assigned to the Universal Cloud Interface | Auditors application role or a child application role.
Users with this application role:
- Can view manual provisioning processes in the Web Portal and obtain statistics.
Application roles for custom tasks
The following application roles are available for customer features and tasks.
Table 12: Application roles for custom tasks
Administrators
Administrators must be assigned to the Custom | Administrators application role.
Users with this application role:
Manager/supervisor
Managers must be assigned to the Custom | Managers application role or a child role.
Users with this application role:
You can use these application roles, for example, to grant One Identity Manager users write permissions on custom tables or columns. All application roles that you define here must obtain their write permissions through custom permissions groups.
Implementing the application roles
IMPORTANT: To use application roles, you must add one employee to the Base roles | Administrators application role. This employee is then authorized to assign administrative One Identity Manager application roles to other employees.
Run this task once.
To initially add an employee to the Base roles | Administrators application role
- Log in to the Manager as a non-role-based administrative user.
- Select the Employees | Employees category.
- Select the employee to be assigned to the Base roles | Administrators application role.
- Select the Authorize as One Identity Manager administrator task.
NOTE: Once you update the view in the Manager, the Authorize as One Identity Manager administrator task is no longer displayed in the task view. This means that the task can only be run when no other employees are assigned to this application role.
After you have been working with One Identity Manager for a while, it is possible that no more employees are assigned to the Base roles | Administrators application role. In this case, proceed as described above in order to reassign an employee to this application role.
The One Identity Manager user with the Base roles | Administrators application role can now add more employees to application roles and edit the application role master data.
Creating and editing application roles
To set up your first application roles you need to add an employee to the application role Base roles | Administrators. This employee is authorized to add more employees to different administration application roles. For more information, see Implementing the application roles.
Administrators can edit child application roles, set up more application roles, and assign employees.
NOTE: To edit the application role, log on to the Manager using a role-based authentication module.
To edit an application role
- In the Manager, in the One Identity Manager Administration category, select the application role.
- Select the Change master data task.
- Edit the application role's master data.
- Save the changes.
To create a new application role
- In the Manager in the One Identity Manager Administration category, select the application role under which you want to create a new application role.
- Click in the result list.
- Enter the application role master data.
- Save the changes.
NOTE: You cannot delete default application roles.