Chat now with support
Chat with Support

Identity Manager 8.1.5 - Business Roles Administration Guide

Managing business roles
One Identity Manager users for business roles Hierarchical role structure basic principles Basic principles for assigning company resources Basics of calculating inheritance Preparing business roles for company resource assignments Basic data for structuring business roles Editing business roles Assigning employees, devices, and workdesks to business roles Assigning business roles to company resources Analyzing role memberships and employee assignments Setting up IT operating data Additional tasks for managing business roles Reports about business roles
Role mining in One Identity Manager

Discontinuing inheritance

There are particular cases where you may not want to have inheritance over several hierarchical levels. That is why it is possible to discontinue inheritance within a hierarchy. The point at which the inheritance should be discontinued within a hierarchy is specified by the Block inheritance option. The effects of this depend on the chosen direction of inheritance.

  • Roles marked with the Block inheritance option do not inherit any assignments from parent levels in top-down inheritance. It can, however, pass on its own directly assigned company resources to lower level structures.
  • In bottom-up inheritance, the role labeled with the “Block inheritance” option inherits all assignments from lower levels in the hierarchy. However, it does not pass any assignments further up the hierarchy.

The Block inheritance option does not have any effect on the calculation of the manager responsible.

Example for discontinuing inheritance top-down

If the Block inheritance option is set for the "Sales" department in the top-down example, it results in sales employees only being assigned the SharePoint Online group 1 and employees in the "Dealer sales" department inherit the SharePoint Online groups 1 and 2. System entitlements of the "Entire organization" department are however, assigned to employees in the "Sales" and "Dealer sales" departments.

Figure 3: Discontinuing inheritance top-down

Example for discontinuing inheritance bottom-up

An employee from the "Programming" project group receives software applications from the project group as well as those from the projects groups below. In this case, the development environment, assembler tool and the prototyping tool. If the "Programming" project group has labeled with the Block inheritance option, it no longer passes down inheritance. As a result, only the CASE tool is assigned to employees in the "Project lead" project group along with the software application project management. Software applications from the "Programming", "System programming", and "Interface design" projects groups are not distributed to the project lead.

Figure 4: Discontinuing inheritance bottom-up

Basic principles for assigning company resources

You can assign company resources to employees, devices, and workdesks in One Identity Manager. You can use different assignments types to assign company resources.

Assignments types are:

Direct assignment

Direct assignment of company resources results from the assignment of a company resource to an employee, device, or workdesk, for example. Direct assignment of company resources makes it easier to react to special requirements.

Figure 5: Schema of a direct assignment based on the example of an employee

Indirect assignment

In the case of indirect assignment of company resources, employees, devices, and workdesks are arranged in departments, cost centers, locations, business roles, or application roles. The total of assigned company resources for an employee, device, or workdesk is calculated from the position within the hierarchies, the direction of inheritance (top-down or bottom-up) and the company resources assigned to these roles. In the Indirect assignment methods a difference between primary and secondary assignment is taken into account.

Figure 6: Schema of an indirect assignment based on the employee example

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating