Chat now with support
Chat with Support

Identity Manager 8.1.5 - Business Roles Administration Guide

Managing business roles
One Identity Manager users for business roles Hierarchical role structure basic principles Basic principles for assigning company resources Basics of calculating inheritance Preparing business roles for company resource assignments Basic data for structuring business roles Editing business roles Assigning employees, devices, and workdesks to business roles Assigning business roles to company resources Analyzing role memberships and employee assignments Setting up IT operating data Additional tasks for managing business roles Reports about business roles
Role mining in One Identity Manager

Defining inheritance exclusion for business roles

You can define conflicting roles to prevent employees, devices, or workdesks from being assigned to several roles at the same time and from obtaining mutually exclusive company resources through these roles. At the same time, you specify which business roles need to be mutually exclusive. This means you may not assign these roles to one and the same employee (device, workdesk).

NOTE: Only roles, which are defined directly as conflicting roles cannot be assigned to the same employee (device, workdesk). Definitions made on parent or child roles do not affect the assignment.

To configure inheritance exclusion

  • In the Designer, set the QER | Structures | ExcludeStructures configuration parameter and compile the database.

To define inheritance exclusion for a business role

  1. Select Business roles | <Role class> in the Manager.
  2. Select a business role in the result list.
  3. Select the Edit conflicting business rolestask.
  4. In Add assignments, assign the business roles that are mutually exclusive to the selected business role.

    - OR -

    In Remove assignments, remove the business roles that are no longer mutually exclusive.

  5. Save the changes.
Detailed information about this topic

Assigning extended properties

You can assign extended properties to business roles. Extended properties are meta objects, such as operating codes, cost codes, or cost accounting areas that cannot be mapped directly in One Identity Manager. For more information, see the One Identity Manager Identity Management Base Module Administration Guide.

To specify extended properties for a business role

  1. Select the Business roles | <Role class> category.
  2. Select the business role in the result list.
  3. Select the Assign extended properties task.
  4. In the Add assignments pane, assign extended properties.

    - OR -

    In the Remove assignments pane, remove extended properties.

  5. Save the changes.

Creating assignment resources

You may add assignment resources to single business roles. This means you can limit assignment resources to a certain business role in the Web Portal. When the assignment resource is requested, it is no longer necessary to request the business role as well. It is automatically a part of the assignment request. For more information, see the One Identity Manager IT Shop Administration Guide.

To limit an assignment resource to a business role

  1. Select the Business roles | <Role class> category.
  2. Select a business role in the result list.
  3. Select the Create assignment resource... task.

    This starts a wizard that takes you through the steps for adding an assignment resource.

Reports about business roles

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for business roles.

NOTE: Other sections may be available depending on the which modules are installed.
Table 18: Reports about business roles
Report Description
Overview of all assignments This report finds all the roles in which employees from the selected business roles are also members.
Show historical memberships

This report lists all members of the selected business role and the length of their membership.

Show products still to be approved The report shows all products for a business role whose requests can be approved by the business role's members.
Business roles with high risk level The report lists all business roles with a risk index equal or higher that the configurable risk index. The result can be limited to a specified role class. You can find this report in the My One Identity Manager category.
Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating