Chat now with support
Chat with Support

Identity Manager 8.1 - Authorization and Authentication Guide

About this guide One Identity Manager Application roles Granting One Identity Manager schema permissions Managing permissions to program features One Identity Manager Authentication modules OAuth 2.0/OpenID Connect configuration Multi-factor authentication in One Identity Manager

Editing the dependencies of permissions groups

You edit dependencies between permissions groups in the hierarchical view of the User & Permissions Group Editor. Permissions groups that are higher up in the hierarchy are displayed further to the right in the hierarchical view of User & Permissions Group Editor. When a permissions group is selected in the hierarchical view, the dependencies to other permissions groups are marked in color which also is also used to show the direction of inheritance.

Figure 1: Diagram of Permissions Group Hierarchy (Direction of Inheritance from Right to Left)

Table 18: Meaning of Colors in the Hierarchical Representation
Color Meaning

Blue

The selected permissions group.

Purple This permissions group is a child of the selected permissions group and directly inherits from the selected permissions group.
Light purple This permissions group inherits indirectly from the selected permissions group over the hierarchy.
Red This permissions group is a parent of the selected permissions group and passes inheritance to the selected permissions group.
Light red This permissions group passes inheritance indirectly to the selected permissions group over the hierarchy.
Green This permissions group does not inherit or pass inheritance to the selected permissions group.

To specify dependencies of a permissions group

  1. Select the Permissions | Permissions groups category in Designer.
  2. Select the permissions group and start User & Permissions Group Editor using the Edit permissions group task.
  3. In the hierarchical view of the permissions groups, select the permissions group and run one of the following actions.

    • Select the Inherit permissions from context menu and select the permissions groups from which the selected permissions group is to inherit.
    • Select the Permissions inherited by context menu and select the permissions groups to be included in the selected permissions group. Permissions subgroups inherit permissions from the selected permissions group.

Copying permissions groups

The User & Permissions Group Editor provides a wizard for copying edit permissions and the user interface of an existing permissions group to a new permissions group.

To copy a permissions group

  1. Select the Permissions | Permissions groups category in Designer.
  2. Select the permissions group you want to copy and start the User & Permissions Group Editor with the task Edit permissions group.
  3. Select the Permissions groups | Copy permissions group menu.
  4. On the home page of the wizard for copying permissions groups, click Next.
  5. On the Select permissions group page, enter the following information:

    • Select permissions group to copy: The permissions group is pre-selected.
    • Copy name: Name of the new permissions group. A name suggestion is already entered in the field which is made up from the customer prefix and the original permissions group name. You can alter this name but the customer prefix has to remain.
  6. On the Select copy options page, specify which permissions group relations are to be copied. You can select multiple options. The following copy options are available.
    Table 19: Copy options for permissions groups
    Option Description
    Permissions Enable this option to copy the table permissions and column permissions of the selected permissions group to the new permissions group.
    User interface Enable this option to copy the menu items, the forms and the task definitions of the selected permissions group to the new permissions group.
    System user

    Select this option if the system user should be copied to the new permissions group.

    NOTE: Note here that predefined system users are not included in the new permissions group.

  7. To start compiling, click Next.

    The copying process may take some time.

  8. The Copy permissions group page shows the individual copy steps and any error messages. If the copy action is complete, click Next.
  9. To end the wizard, click Finish on the last page.
Related Topics

Creating permissions groups

To create a permissions group

  1. In the Designer, select the Permissions category.

  2. Start the User & Permissions Group Editor with the task Show / edit permissions group.

  3. Add a new permissions group using the Permissions groups | New menu.

  4. Edit the master data for the permissions group.

  5. Save the changes.

Related Topics

Editing system users

One Identity Manager provides various system users whose permissions are matched to the different tasks. Create your own system users if required. Add the system users to permissions groups, thereby granting the system users permissions for the tables and columns of the One Identity Manager data model, and make the user interface available.

The system user's effective permissions that are found are not saved in the One Identity Manager schema, but are determined when logging into One Identity Manager tools and then they are loaded.

When installing the One Identity Manager database using the Configuration Wizard, create an administrative system user that is added to non-role-based permissions groups and receives all permissions of the viadmin default system user.

System users are shown in Designer in the Permissions | System users category. You will see an overview of the permissions groups that are assigned to each individual system user. Use the User & Permissions Group Editor to create and edit your system user in Designer.

You can run the following tasks:

  • Create a new system user, such as an administrative system user or a system user for service accounts
  • Configuration of password settings for system users
  • Adding a system user to permissions groups
  • Determining which employees use a system user

NOTE: You cannot edit dynamic system users.

Related Topics
Related Documents