Chat now with support
Chat with Support

We are currently experiencing issues on our phone support and are working diligently to restore services. For support, please sign in and create a case or email supportadmin@quest.com for assistance

Identity Manager 9.2 - Business Roles Administration Guide

Managing business roles
One Identity Manager users for business roles Hierarchical role structure basic principles Basic principles for assigning company resources Basics of calculating inheritance Preparing business roles for company resource assignments Base data for business roles Creating and editing business roles Assigning identities, devices, and workdesks to business roles Assigning business roles to company resources Analyzing role memberships and identity assignments Setting up IT operational data for business roles Creating dynamic roles for business roles Assigning departments, cost centers, and locations to business roles Defining inheritance exclusion for business roles Assigning extended properties to business roles Creating assignment resources for application roles Dynamic roles for business roles with incorrectly excluded identities Certification of business roles Reports about business roles
Role mining in One Identity Manager

Role approvers and role approvers (IT)

In One Identity Manager, you can assign business roles to identities who can be brought in as approvers in approval processes for IT Shop requests, provided that the approval workflow is set up accordingly. To do this, assign the business roles to application roles for approvers. For more information, see the One Identity Manager IT Shop Administration Guide.

Default application roles for approvers and approvers (IT) are available in One Identity Manager. You may create other application roles as required. For more information about implementing and editing application roles, see theOne Identity Manager Authorization and Authentication Guide.

Table 9: Default application roles for approvers
User Tasks

Business Role Approvers

 

Approvers must be assigned to the Identity Management | Business roles | Role approvers application role or a child application role.

Users with this application role:

  • Are approvers for the IT Shop.

  • Approve requests from business roles for which they are responsible.

Business Role Approvers (IT)

 

IT role approvers must be assigned to the Identity Management | Business roles | Role approvers (IT) application role or a child application role.

Users with this application role:

  • Are IT role approvers for the IT Shop.

  • Approve requests from business roles for which they are responsible.

To specify a role approver or role approver (IT)

  1. In the Manager, select the Business Roles > Basic configuration data > Role approvers category.

    - OR -

    In the Manager, select the Business Roles > Basic configuration data > Role approvers (IT) category.

  2. Select the Assign identities task.

  3. In the Add assignments pane, add identities.

    TIP: In the Remove assignments pane, you can remove assigned identities.

    To remove an assignment

    • Select the identity and double-click .

  4. Save the changes.

Creating and editing business roles

Business roles are grouped by role class in the navigation view. Each business role is assigned to exactly one role class. You must define suitable role classes before you can add business roles.

To create or edit business roles

  1. In the Manager, select the Business roles > <role class> category.

  2. In the result list, select a business role and run the Change main data task.

    - OR -

    Click in the result list.

  3. Edit the business role's main data.

  4. Save the changes.
Related topics

General main data for business roles

Enter the following main data of a business role.

Table 10: General main data of a business role

Property

Description

Business role

Business role name. Translate the given text using the button.

Short name

Short name for the business role.

Internal name

Additional identifier for the business role.

Role class

Role class to which the business role is assigned. The value is preset with the role classes selected in the navigation view. If a new business role is added, you can assign any role class to it.

Parent business role

Parent of business role in the hierarchy.

To organize business roles hierarchically, select the parent business role in the menu. Only the business roles that belong to the same role class can be selected. Leave this field empty if the business role is at the top level of the business role hierarchy.

Full name

Complete name of business roles including parent business roles. Translate the given text using the button.

Role type

Select a role type from the menu.

To create a new role type, click . Enter a name and description for the role type.

Role approver

Application role whose members approve IT Shop requests for members of this business role.

To create a new application role, click . Enter the application role name and assign a parent application role.

Role approver (IT)

Application role whose members approve IT Shop requests for members of this business role.

To create a new application role, click . Enter the application role name and assign a parent application role.

Manager

Manager responsible for the business role.

2nd Manager

Deputy business role manager.

Additional manager

Application role for a group of managers and deputies who manage this business role.

To create a new application role, click . Enter the application role name and assign a parent application role.

Attestors

Applications role whose members are authorized to approve attestation cases for this business role.

To create a new application role, click . Enter the application role name and assign a parent application role.

NOTE: This property is available if the Attestation Module is installed.

Department

Department to which the business role is primary assigned.

Location

Location to which the business role is primary assigned.

Cost center

Cost center to which the business role is primary assigned.

Description

Text field for additional explanation.

Comment

Text field for additional explanation.

Remarks

Text field for additional explanation.

Certification status

Business role certification status. You can select the following certification statuses:

  • New: The business roles was newly added to the One Identity Manager database.

  • Certified: The business role main data was granted approval by the manager.

  • Denied: The business role main data was denied approval by the manager.

The certification status can be set depending on the result of regular attestations.

Import data source

Target system or data source, from which the data set was imported.

Block inheritance

Specifies whether inheritance for this business role can be discontinued. Set this option to discontinue inheritance within the business role hierarchy.

X500 nodes

Select this option to label a cost center for exporting to an X500 schema.

Identities do not inherit

Specifies whether identity inheritance should be temporarily prevented for this business role.

Devices do not inherit

Specifies whether device inheritance should be temporarily prevented for this business role.

Workdesks do not inherit

Specifies whether workdesk inheritance should be temporarily prevented for this business role.

Dynamic roles not allowed

Specifies whether a dynamic role can be created for the business role.

Related topics

Address information for business roles

Enter the following main data of contacting the business role.

Table 11: Business role address data
Property Description

Address

Business role mail address

Street

Street or road.

Building

Building

Zip code

Zip code.

City

City.

Country

Country. You require this to determine the identity’s language and working hours. For more information, see the One Identity Manager Identity Management Base Module Administration Guide.

State

State. You require this to determine the identity’s language and working hours. For more information, see the One Identity Manager Identity Management Base Module Administration Guide.

Phone

Business role telephone number.

Quick dial

Telephone short entry (without code).

Room

Room.

Comment (room)

Text field for additional explanation.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating