
Identity Manager 8.2.1 - Authorization and Authentication Guide


Displaying the current user's program functions

To identify the program functions available to the current user:

  • To display user information, double-click the icon in the program status bar.

    The Program functions tab shows the program functions that are available.

Assigning program functions to permissions groups

To assign a program function to permissions groups

  1. In the Designer, select the Permissions > Program functions category.

  2. Select the View > Select table relations menu item and enable the DialogGroupHasFeature table.

  3. In the List Editor, select the program function.

  4. Assign the permissions group in the Permissions groups edit view.

  5. Select the Database > Save to database menu item and click Save.


Permissions for running scripts

The basic permissions for running scripts are granted to the logged-in user through the program feature Allow the starting of arbitrary scripts from the frontend (Common_StartScripts).

If a script is assigned a program function (QBMScriptHasFeature table), users can only run this script if they have the necessary permissions groups. An error occurs if a user who does not own this program function tries to run the script.

To control how a script is run using a program function

  1. Create a new program function.

    1. In the Designer, select the Permissions > Program functions category.

    2. Select the Object > New menu item.

    3. Enter the following information:

      • Program function: Name of the program function.

      • Description: Short description of the program function.

      • Function group: Property for grouping program functions.

  2. Connect the program function with the scripts that the users are allowed to trigger.

    1. In the Designer, select the Permissions > Program functions category.

    2. Select the View > Select table relations menu item and enable the QBMScriptHasFeature table.

    3. In the List Editor, select the newly created program function.

    4. In the Scripts edit view, assign the scripts.

  3. Assign the required program functions to the custom permissions group whose system users will run these scripts.

    1. In the Designer, select the Permissions > Program functions category.

    2. Select the View > Select table relations menu item and enable the DialogGroupHasFeature table.

    3. In the List Editor, select your newly created program function.

    4. In the List Editor, use Ctrl+Selection to select your newly created program function and the Allow the starting of arbitrary scripts from the frontend function (Common_StartScripts).

    5. Assign the permissions group in the Permissions groups edit view.

  4. Select the Database > Save to database menu item and click Save.


Permissions for running methods

If a task definition is assigned a program function (QBMMethodHasFeature table), users can only run this task if they have the necessary permissions groups. An error occurs if a user who does not own this program function tries to run the task.

To make a task definition available to users using a program function

  1. Create a new program function.

    1. In the Designer, select the Permissions > Program functions category.

    2. Select the Object > New menu item.

    3. Enter the following information:

      • Program function: Name of the program function.

      • Description: Short description of the program function.

      • Function group: Property for grouping program functions.

  2. Connect the program function with the task definition events that the user will trigger.

    1. In the Designer, select the Permissions > Program functions category.

    2. Select the View > Select table relations menu item and enable the QBMMethodHasFeature table.

    3. In the List Editor, select the newly created program function.

    4. In the Tasks edit view, assign the task definitions.

  3. Assign the program functions to the custom permissions group whose system users will run these scripts.

    1. In the Designer, select the Permissions > Program functions category.

    2. Select the View > Select table relations menu item and enable the DialogGroupHasFeature table.

    3. In the List Editor, select your newly created program function.

    4. Assign the permissions group in the Permissions groups edit view.

  4. Select the Database > Save to database menu item and click Save.
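
The two procedures above (scripts and task definitions) both end in rows in DialogGroupHasFeature plus QBMScriptHasFeature or QBMMethodHasFeature. The following Python check is an added example, not One Identity code or part of the original guide: it models the stated rule over constructed rows to review which permissions groups can run which gated objects and to flag groups that received a script-gating function without Common_StartScripts. All CCC_* names are hypothetical, "any one assigned program function suffices" is an assumption, and no basic permission is modelled for task definitions because the page names none.

```python
BASE = "Common_StartScripts"  # basic permission the page requires for scripts

# Constructed rows (hypothetical CCC_* names); added example, not product code.
DIALOG_GROUP_HAS_FEATURE = [          # (permissions group, program function)
    ("CCC_Helpdesk", BASE),
    ("CCC_Helpdesk", "CCC_RunResetScripts"),
    ("CCC_Auditors", "CCC_RunReportScripts"),  # custom function, BASE missing
    ("CCC_Auditors", "CCC_RunExportTask"),
    ("CCC_Operators", BASE),
]
QBM_SCRIPT_HAS_FEATURE = [            # (script, program function)
    ("CCC_ResetPassword", "CCC_RunResetScripts"),
    ("CCC_BuildReport", "CCC_RunReportScripts"),
]
QBM_METHOD_HAS_FEATURE = [            # (task definition, program function)
    ("CCC_ExportData", "CCC_RunExportTask"),
]


def index(pairs):
    """Turn (key, value) pairs into {key: set of values}."""
    out = {}
    for key, value in pairs:
        out.setdefault(key, set()).add(value)
    return out


def allowed(group_pairs, gate_pairs, base=None):
    """Map each permissions group to the gated objects it may run (assumption: any
    one assigned program function suffices); `base`, if set, must be held too."""
    gates = index(gate_pairs)
    result = {}
    for group, features in index(group_pairs).items():
        ok = base is None or base in features
        result[group] = sorted(o for o, f in gates.items() if ok and f & features)
    return result


def missing_base(group_pairs, script_pairs, base=BASE):
    """Groups that hold a script-gating function but not the base permission."""
    gating = {feature for _, feature in script_pairs}
    return sorted(g for g, f in index(group_pairs).items()
                  if f & gating and base not in f)


if __name__ == "__main__":
    print(allowed(DIALOG_GROUP_HAS_FEATURE, QBM_SCRIPT_HAS_FEATURE, BASE))
    print(allowed(DIALOG_GROUP_HAS_FEATURE, QBM_METHOD_HAS_FEATURE))
    print(missing_base(DIALOG_GROUP_HAS_FEATURE, QBM_SCRIPT_HAS_FEATURE))
```

A group reported by `missing_base` corresponds to skipping the Ctrl+Selection step in the script procedure: its members hold the custom program function but still cannot start the script.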
