Chat now with support
Chat with Support

Identity Manager 8.1 - Administration Guide for Connecting Unix-Based Target Systems

Managing Unix-Based Systems Setting Up Synchronization with a Unix-Based Target System Base Data for Unix-Based Target Systems Unix Host Unix User Accounts Unix Groups Reports about Unix Objects Appendix: Configuration parameters for managing a Unix environment Appendix: Default Project Template for Unix-Based Target Systems

General master data for a Unix group

Enter the following data on General:

Table 31: General Master Data
Property Description

Group name

Name of the group.

Group ID

Group's identifier.

Host

Group's host.

IT Shop

Specifies whether the group can be requested through the IT Shop. If this option is set, the group can be requested by the employees through the Web Portal and distributed with a defined approval process. The group can still be assigned directly to hierarchical roles.

Only for use in IT Shop

Specifies whether the group can only be requested through the IT Shop. If this option is set, the group can be requested by the employees through the Web Portal and distributed with a defined approval process. Direct assignment of the group to hierarchical roles or user accounts is no permitted.

Service item

Service item data for requesting the group through the IT Shop.

Risk index

Value for evaluating the risk of assigning the group to user accounts. Enter a value between 0 and 1. This input field is only visible if the configuration parameter QER | CalculateRiskIndex is activated.

For more detailed information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide.

Category

Categories for group inheritance. Groups can be selectively inherited by user accounts. To do this, groups and user accounts are divided into categories. Select one or more categories from the menu.
Related Topics

Assigning Unix Groups to Unix User Accounts

Groups can be assigned directly or indirectly to user accounts. In the case of indirect assignment, employees and groups are assigned to hierarchical roles, such as , departments, cost centers, locations or business roles. The groups assigned to an employee are calculated from the position in the hierarchy and the direction of inheritance.

If you add an employee to roles and that employee owns a user account, the user account is added to the groups. Prerequisites for the indirect assignment of employees to user accounts:

  • Assignment of employees and groups is permitted for role classes (department, cost center, location or business role).
  • The user accounts are marked with the option Groups can be inherited.

Furthermore, groups can be assigned to employees through IT Shop requests. Add employees to a shop as customers so that groups can be assigned through IT Shop requests. All groups are assigned to this shop can be requested by the customers. Requested groups are assigned to the employees after approval is granted.

Detailed information about this topic

Assigning Unix Groups to Departments, Cost Centers and Locations

Assign groups to departments, cost centers, or locations so that the group can be assigned to user accounts through these organizations.

To assign a group to departments, cost centers or locations (non role-based login)

  1. In Manager, select Unix | Groups.

  2. Select the group in the result list.

  3. Select Assign organizations.

  4. Assign organizations in Add assignments.

    • Assign departments on the Departments tab.

    • Assign locations on the Locations tab.

    • Assign cost centers on the Cost centers tab.

    TIP: In the Remove assignments area, you can remove the assignment of organizations.

    To remove an assignment

    • Select the organization and double click .

  5. Save the changes.

To assign groups to a department, cost center or location (role-based login)

  1. Select Organizations | Departments in Manager.

    - OR -

    Select Organizations | Cost centers in Manager.

    - OR -

    In Manager, select Organizations | Locations.

  2. Select the department, cost center or location in the result list.

  3. Select the Assign Unix groups task.

  4. Assign groups in Add assignments.

    TIP: you can remove the assignment of groups in the Remove assignments area.

    To remove an assignment

    • Select the group and double click .
  5. Save the changes.
Related Topics

Assigning Unix Groups to Business Roles

Installed modules: Business Roles Module

Assign the group to business roles so that the group is assigned to user accounts through these business roles.

To assign a group to a business role (non role-based login)

  1. In Manager, select Unix | Groups.

  2. Select the group in the result list.

  3. Select Assign business roles.

  4. Assign business roles in Add assignments.

    TIP: In the Remove assignments area, you can remove the assignment of business roles.

    To remove an assignment

    • Select the business role and double click .

  5. Save the changes.

To assign groups to a business role (non role-based login)

  1. In Manager, select Business roles | <role class>.

  2. Select the business role in the result list.

  3. Select AssignUnix groups.

  4. Assign groups in Add assignments.

    TIP: you can remove the assignment of groups in the Remove assignments area.

    To remove an assignment

    • Select the group and double click .
  5. Save the changes.
Related Topics
Related Documents