Dynamic role overview
You can see the most important information about a dynamic role on the overview form.
To obtain an overview of a dynamic role
- Select the role for which the dynamic role was created.
- Open the role's overview form.
- Select the form element "dynamic roles" and click on the dynamic role.
- Select the Dynamic role overview task.
Start immediate recalculation of role memberships
By default, calculation of role membership is controlled with schedules. You can also start the calculation for a single dynamic role immediately and independently of scheduled calculation.
To calculate role membership immediately
- Select the role for which the dynamic role was created.
- Open the role's overview form.
- Select the form element "dynamic roles" and click on the dynamic role.
- Select the Start recalculation immediately task and close the prompt with OK.
A processing task for the DBQueue Processor is set in the DBQueue.
Detailed information about this topic
Employee administration
The main component of One Identity Manager maps employees with their master data and all available company resources. IT resources, such as devices, software, and access permissions in various target systems, qualify as company resources. Resources such as mobile telephones, company cars, or keys can be mapped to employees, as well.
Employees obtain company resources according to their function and their position with the company structure. Company structures, such as departments, cost centers, and location, are also mapped in One Identity Manager. As are employee memberships in these company structures. Once company resources are assigned to the company structures, they are inherited by all the members. This way, employees automatically be supplied with all the necessary company resources.
If you manage access permissions on all One Identity Manager tools using the application role, you obtain all of the information about current access permissions and employee responsibilities with One Identity Manager.
One Identity Manager components for managing employees are available when the QER | Person configuration parameter is set.
- In the Designer, check if the configuration parameter is set. If not, set the configuration parameter.
Detailed information about this topic
One Identity Manager users for employee administration
Following users are used for employee administration.
Table 26: Users
Employee administrators |
Employee administrators must be assigned to the Identity Management | Employees| Administrators application role.
Users with this application role:
-
Can edit master data for all employees
-
Can assign a manager.
-
Can assign company resources to employees.
-
Check and authorize employee master data.
-
Create and edit risk index functions.
-
Edit password policies for employee passwords
-
Delete employee's security keys (WebAuthn) |
Employee managers
|
The Base roles | Employee managers application role is automatically assigned to a user if the user is a manager or supervisor of employees, departments, locations, cost centers, business roles, or IT Shops.
Users with this application role:
- Can edit master data for the objects they are responsible for and assign company resources to them.
- Can edit new employees added in the Web Portal and edit the master data of their staff.
- Can add their staff members to the IT Shop.
- Can view their staff's compliance rule violations in the Web Portal.
Members of this application role are determined through a dynamic role. |
One Identity Manager administrators |
-
Create customized permissions groups for application roles for role-based login to administration tools in the Designer as required.
-
Create system users and permissions groups for non role-based login to administration tools in the Designer as required.
-
Enable or disable additional configuration parameters in the Designer as required.
-
Create custom processes in the Designer as required.
-
Create and configure schedules as required.
-
Create and configure password policies as required. |
For detailed information about implementing and editing application roles, see the One Identity Manager Authorization and Authentication Guide.