Chat now with support
Chat with Support

Identity Manager 9.3 - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics The full-text search in One Identity Manager Localization in One Identity Manager Process orchestration in One Identity Manager
Mapping processes in One Identity Manager Setting up Job servers
The One Identity Manager Service functionality Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Visual Basic .NET scripts usage Notes on using date values Tips for using PowerShell scripts Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD-notation Displaying messages in the user interface Referencing packages and files in scripts Script library Support for processing scripts in the Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Committing and compiling script changes Overriding scripts Permissions for running scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
One Identity Manager query language Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration One Identity Manager as SCIM 2.0 service provider Processing DBQueue Processor tasks Structure of the Jobservice.cfg configuration file

Script for conditional displaying of tasks

In principle, a user's permissions for displaying and editing tasks are controlled by permissions in permissions groups.

You can also use a script in the custom task definition to conditionally display a task. For example, this way you can control whether a task is only displayed in the Manager if a certain condition is met.

Example: Display a task loading an object

A task is displayed only when the object is loaded from the database. Adding a new object must not show the task.

If Not Entity.IsLoaded Then

Value = False

Else

Value = True

End If

NOTE: The script does not change the user’s permissions but simply the behavior if the object is loaded in one of the One Identity Manager tools. If you want to limit visibility and editability of a task, change the permissions of the permissions groups. For more information, see the One Identity Manager Authorization and Authentication Guide.

To specify a script for conditionally displaying a task

  1. In the Designer, select the task in the User interface > Task definitions category.

  2. Select the Change main data task.

  3. Enter a Visibility script in VB.Net syntax. If the return value is false, task is not displayed in any of the One Identity Manager tools.

  4. Select the Database > Save to database and click Save.

Related topics

Properties of task definitions

The following properties are displayed for task definitions.

Table 123: Task properties
Property Meaning

Task name

Name of the task.

Caption

The display name is used to display the task in the administration tool task view. Display names can be given in more than one language.

NOTE: The tasks are displayed in alphabetical order in the task view of One Identity Manager.

Description

Description of the task. The description is shown as a tooltip in the user interface task view.

Enabled for

This property specifies the intended use of the task.

Permitted values are:

  • Fat Client: You can display the task in the graphical user interface.

  • Web Client: You can display the task in web applications.

  • Fat Client + Web Client: You can display the task in both the graphical user interface and web applications.

Task behavior

Sets the behavior of the task.

The following entries are permitted:

  • No data: Default. The task is available for single object and multiple object editing. Changes are run separately for each object, even if multiple edit is used.

  • Save required: The task saves data.

  • Single objects only: This task is only permitted for single objects.

  • Save required + single objects only: The task saves data. This task is only permitted for single objects.

  • Run on multiple objects: This task is available for multiple editing of objects. Changes are run for all objects together through a multi-object.

  • Save required + run on multiple objects: The task saves data. This task is available for multiple editing of objects. Changes are run for all objects together through a multi-object.

Icon

Icon for displaying the task in the user interface.

Script

Task script. You can use function calls or commando input in VB.Net statements for the task script. The Base. syntax always accesses the object that is currently loaded.

NOTE: The database needs to be complied after changing a task script.

Visibility script

Script for conditional displaying of tasks in One Identity Manager tools. For more information, see Script for conditional displaying of tasks.

Disabled

Specifies whether the task is displayed in the user interface. Disabled tasks are never displayed in the user interface. Predefined system users are not effected by this limitation. This modification is also permitted for predefined default user interface tasks and is not overwritten when the schema is installed.

Processing status

The processing status is used for creating custom configuration packages.

Object

Assignment to object definitions (DialogObjectHasMethod table) for which the task will be shown in the user interface.

Permissions group

Assignment of permissions groups (DialogGroupHasMethod table), whose users can apply this task.

Program function

Program function, which is linked to the task definition. If a task definition is assigned a program function (QBMMethodHasFeature table) users can only run this task if they have the necessary permissions groups. For more information about managing permissions and running methods using program functions, see the One Identity Manager Authorization and Authentication Guide.

Related topics

Applications for configuring the user interface

In the default version of One Identity Manager, the applications and the predefined navigation for the One Identity Manager tools, the Manager, the Designer, and the Launchpad are also supplied. Predefined configurations are maintained by the schema installation and cannot be edited apart from a few properties. It is not usually necessary to define your own applications. You might possibly need your own applications for a customer specific web interface.

In the Designer, the available programs are shown in the Base data > Security settings > Programs category.

Table 124: Predefined programs
Product Meaning

Designer

Application for the Designer.

Manager

Application for the Manager.

Launchpad

Application for the Launchpad.

Application server

Program for installing the application server.

Default

Default for front-ends without special usage, for example Job Queue Info or Report Editor. Required to determine the authentication module.

Job Server

Application for configuring Job servers.

OperationsSupportWebPortal

Application for installing the Operations Support Web Portal.

PasswordReset

Application for installing the Password Reset Portal.

Portal

Application for configuring the Web Portal.

Program properties

The following properties are displayed for application roles.

Table 125: Program properties
Property Meaning

Program

Name of the program.

Remarks

Comments about the program.

Start menu item

If the given start menu item is available to a system user in a program’s navigation menu, the program navigates straight to this position in the menu when it starts up. You can specify, for example, a home page for a system user with this feature. This function is mainly used by web interfaces.

Configuration data

Configuration data is used to determine a system user by the dynamic authentication module. You can also adapt the configuration data for the default programs that are supplied. For more information, see the One Identity Manager Authorization and Authentication Guide.

Minimum Version

Minimum version of the program that can run with the version of the database in use. This input is used solely as information, the version number is not verified.

Engine based

Specifies whether menu navigation and forms can be assigned to the program.

Processing status

The processing status is used for creating custom configuration packages.

Authentication module

Authentication module used by the program. For more information about One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide.

ClosedEnabling authentication modules in the Designer

Form

Forms displayed in the program.

ClosedDisplaying forms in the Designer

Menu

Menus displayed in the program.

ClosedDisplaying menu items in the Designer

System users

System users that use the program.

ClosedDisplaying system users in the Designer

Permissions group

Permissions groups whose permissions are also valid for this program. For more information about permissions groups in One Identity Manager, see the One Identity Manager Authorization and Authentication Guide.

ClosedDisplaying permissions groups in the Designer
Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating