
Identity Manager 8.1 - Authorization and Authentication Guide


Which employees use the system user?

Employees obtain a system user directly from their master data or dynamically through their One Identity Manager application roles.

To display which employees are assigned to a system user

  1. In Designer, select Permissions | System users.
  2. Select a system user and start the User & Permissions Group Editor with the Edit system user task.
  3. Select View | One Identity Manager employees.

    NOTE: You cannot change the assignments in this view.

Deleting dynamic system users

NOTE: If employees who use dynamic system users have not performed a role-based login for some time, you should delete the dynamic system users for performance reasons. A new dynamic system user is created during the next role-based employee login.

To delete system users

  • In Designer, enable the Common | DynamicUserLifetime configuration parameter and enter the maximum retention period in days for dynamic system users.

    If the configuration parameter is enabled, system users whose retention period has expired are deleted from the database as part of the daily maintenance tasks.

Editing table permissions and column permissions

You can edit permissions in the Designer using the Permissions Editor. You can also simulate the permissions for the individual system users in Permissions Editor.

With the Permissions Editor you can:

  • Assign permissions for custom tables and columns to custom permissions groups

  • Assign permissions for predefined tables and columns in the One Identity Manager schema to custom permissions groups

  • Assign permissions for custom tables and columns to predefined permissions groups

You cannot change the permissions that predefined permissions groups have on predefined tables and columns in the One Identity Manager schema.

For custom schema extensions, use the Schema Extension program to specify a permissions group with read and write permissions as well as a permissions group with read permissions only. This makes initial access to the schema extensions possible with One Identity Manager administration tools.

Displaying the permissions of a permissions group

To display all permissions for a permissions group

  1. In the Designer, select the Permissions category.
  2. Start the Permissions Editor using the Edit permissions task.
  3. In the Permissions Editor toolbar in the Permissions group menu, select the permissions group for which you want to display permissions.

    The tables and columns of the One Identity Manager schema and the permissions of the selected permissions group are displayed in the upper area of Permissions Editor. Use the following Permissions Editor options to adjust the layout.

    • To display tables with permissions first, enable the Options | Permissions sort order menu.
    • To display disabled tables and columns, enable the Options | Show disabled tables menu.
    • To use the display names of the tables and columns, enable the Options | Display name menu.
    • To limit the display of the tables, use the Show system tables, Show non-system tables and Show all tables menu items in the Options menu. Alternatively, use the Define filter or Manage filters menu items to define your own user-defined filters for displaying the tables and columns.

      For detailed information about creating user-defined filters in Designer, see the One Identity Manager User Guide for One Identity Manager Tools User Interface.
