You edit dependencies between permissions groups in the hierarchical view of the User & Permissions Group Editor. Permissions groups that are higher up in the hierarchy are displayed further to the right in the hierarchical view of User & Permissions Group Editor. When a permissions group is selected in the hierarchical view, the dependencies to other permissions groups are marked in color which also is also used to show the direction of inheritance.
Figure 1: Diagram of Permissions Group Hierarchy (Direction of Inheritance from Right to Left)
The selected permissions group.
|Purple||This permissions group is a child of the selected permissions group and directly inherits from the selected permissions group.|
|Light purple||This permissions group inherits indirectly from the selected permissions group over the hierarchy.|
|Red||This permissions group is a parent of the selected permissions group and passes inheritance to the selected permissions group.|
|Light red||This permissions group passes inheritance indirectly to the selected permissions group over the hierarchy.|
|Green||This permissions group does not inherit or pass inheritance to the selected permissions group.|
To specify dependencies of a permissions group
In the hierarchical view of the permissions groups, select the permissions group and run one of the following actions.
The User & Permissions Group Editor provides a wizard for copying edit permissions and the user interface of an existing permissions group to a new permissions group.
To copy a permissions group
On the Select permissions group page, enter the following information:
|Permissions||Enable this option to copy the table permissions and column permissions of the selected permissions group to the new permissions group.|
|User interface||Enable this option to copy the menu items, the forms and the task definitions of the selected permissions group to the new permissions group.|
Select this option if the system user should be copied to the new permissions group.
The copying process may take some time.
To create a permissions group
In the Designer, select the Permissions category.
Start the User & Permissions Group Editor with the task Show / edit permissions group.
Add a new permissions group using the Permissions groups | New menu.
Edit the master data for the permissions group.
Save the changes.
One Identity Manager provides various system users whose permissions are matched to the different tasks. Create your own system users if required. Add the system users to permissions groups, thereby granting the system users permissions for the tables and columns of the One Identity Manager data model, and make the user interface available.
The system user's effective permissions that are found are not saved in the One Identity Manager schema, but are determined when logging into One Identity Manager tools and then they are loaded.
When installing the One Identity Manager database using the , create an administrative system user that is added to non-role-based permissions groups and receives all permissions of the viadmin default system user.
System users are shown in Designer in the Permissions | System users category. You will see an overview of the permissions groups that are assigned to each individual system user. Use the User & Permissions Group Editor to create and edit your system user in Designer.
You can run the following tasks:
NOTE: You cannot edit dynamic system users.