Chat now with support
Chat with Support

Identity Manager 8.1.4 - Business Roles Administration Guide

Managing business roles
One Identity Manager users for business roles Hierarchical role structure basic principles Basic principles for assigning company resources Basics of calculating inheritance Preparing business roles for company resource assignments Basic data for structuring business roles Editing business roles Assigning employees, devices, and workdesks to business roles Assigning business roles to company resources Analyzing role memberships and employee assignments Setting up IT operating data Additional tasks for managing business roles Reports about business roles
Role mining in One Identity Manager

Modify IT operating data

If IT operating data changes, you must transfer the changes to the existing user accounts. To do this, templates must be rerun on the affected columns. Before you can run the templates, you can check what effect a change to the IT operating data has on the existing user accounts. You can decide whether the change is transferred to the One Identity Manager database in the case of each affected column in each affected database.

Prerequisites

  • The IT operating data of a business role have been changed.

    - OR -

  • The default values in the IT operating data template were modified for an account definition.

NOTE: If the assignment of an employee to a primary business role changes, the templates are automatically executed.

To execute the template

  1. In the Manager, select the <target system type> | Basic configuration data | Account definitions | Account definitions category.

  2. Select an account definition in the result list.

  3. Select the Execute templates task.

    This displays a list of all user accounts that were created with the selected account definition and whose properties were changed by modifying the IT operating data.

    Old value: Current value of the object property.
    New value: Value that the object property would have following modification of the IT operating data.
    Selection: Specifies whether or not the new value is transferred to the user account.

  4. Mark all the object properties in the selection column that will be given the new value.

  5. Click Apply.

    The templates are applied to all selected user accounts and properties.

Additional tasks for managing business roles

After you have entered the master data, you can run the following tasks. You can find the most important information on the overview form.

Creating dynamic roles

Use this task to define dynamic roles for individual business roles. Dynamic roles are used to specify role memberships dynamically. Employees, devices, and workdesks are not permanently assigned to a role, just when they fulfill certain conditions. A check is performed regularly to assess which employees (devices or workdesks) fulfill these conditions. The means the role memberships change dynamically. For example, company resources can be assigned dynamically to all employees in a business role in this way; if an employee leaves the department they immediately lose the resources assigned to them.

Dynamic roles always relate to the secondary role assignment of an employee object. Therefore secondary assignment of employees, devices, and workdesks to role classes must be permitted. If necessary, further configuration settings need to be made. For more information, see Permitting assignments of employees, devices, workdesks, and company resources.

NOTE: The Create dynamic role task is only available for business roles that do not have the Dynamic roles not allowed option set.

To create a dynamic role for a business role

  1. Select the Business roles | <Role class> category.

  2. Select a business role in the result list.

  3. Select the Create dynamic role task.

  4. Enter the required master data.

  5. Save the changes.

To edit a dynamic role

  1. Select the Business roles | <Role class> | Dynamic roles category.

  2. Select a business role in the result list.

  3. Open the business role's overview form.

  4. In the Dynamic roles form element, click on the name of the dynamic role.

  5. Select the Change master data task.

  6. Edit the dynamic role's master data.

  7. Save the changes.

For more detailed information about creating and editing dynamic roles, see the One Identity Manager Identity Management Base Module Administration Guide.

Related topics

Assign organizations

Use this task to map which relations exist between business roles and departments, cost centers and locations. This task has the same effect as assigning a department, cost center, or location on the business role master data form. The assignment is entered in the respective foreign key column in the base table.

To assign a department, cost center, or location to business roles

  1. Select the Organizations | Departments, Organizations | Cost centers, or Organizations | Locations category.
  2. Select the role in the result list.
  3. Select the Assign employees task.
  4. In the Add assignments pane, assign business roles.

    The selected role is assigned to all business roles as a primary department, cost center, or location.

    - OR -

    In the Remove assignments pane, remove business roles.

  5. Save the changes.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating