立即与支持人员聊天
与支持团队交流

Identity Manager 9.0 LTS - Authorization and Authentication Guide

About this guide One Identity Manager application roles Granting One Identity Manager schema permissions through permissions groups Managing permissions to program functions One Identity Manager authentication modules OAuth 2.0/OpenID Connect authentication Multi-factor authentication in One Identity Manager Granular permissions for the SQL Server and database Installing One Identity Redistributable STS Preventing blind SQL injection Program functions for starting the One Identity Manager tools Minimum access levels of One Identity Manager tools

Dynamic system user

Dynamic system users are used for logging into One Identity Manager tools with role-based authentication modules. First, the employee memberships in the One Identity Manager application roles are determined during login. Assignments of permissions groups to One Identity Manager application roles are used to determine which permissions groups apply to the employee. A dynamic system user is determined from these permissions groups that will be used for the employee’s login.

NOTE: You cannot edit dynamic system users. If no role-based logins of employees who use dynamic system users are performed for some time, you should delete the dynamic system users for performance reasons. A new dynamic system user is created during the next role-based employee login.

To delete system users

  • In the Designer, enable the Common | DynamicUserLifetime configuration parameter and enter the maximum retention period in days for dynamic system users.

    If the configuration parameter is set, dynamic system users, whose retention period has expired, are deleted from the database as part of the daily maintenance tasks.

Permissions for tables and columns

In the Designer, you can edit permissions using the Permissions Editor. You can also simulate the permissions for the individual system users in the Permissions Editor.

With the Permissions Editor, you can:

  • Grant permissions for custom tables and custom columns to custom permissions groups

  • Grant permissions for predefined tables and predefined columns in the One Identity Manager schema to custom permissions groups

  • Grant permissions for custom tables and custom columns to predefined permissions groups

Permissions of predefined permissions groups for predefined tables and predefined columns of the One Identity Manager schema cannot be changed

For custom schema extensions, use the Schema Extension program to specify permissions groups. A permissions group is given read and write permissions as well as a permissions group with read-only permissions. This make initial access to the custom schema extensions possible with the One Identity Manager administration tools.

Detailed information about this topic

Displaying permissions of a permissions group

To display all permissions for a permission group

  1. In the Designer, select the Permissions category.

  2. Start the Permissions Editor using the Edit permissions task.

  3. In the Permissions Editor toolbar in the Permissions group menu, select the permissions group whose permissions you want to display.

    The tables and columns of the One Identity Manager schema and the permissions of the selected permissions group are displayed in the upper area of Permissions Editor. Use the following Permissions Editor options to adjust the layout.

    • To display tables with permissions first, enable the Options > Permissions sort order menu.

    • To display disabled tables and columns, enable the Options > Show disabled tables menu.

    • To use the display names of the tables and columns, enable the Options > Display name menu.

    • To limit the display of the tables, use the Show system tables, Show non-system tables, and Show all tables menu items in the Options menu. Alternatively, use the Define filter or Manage filters menu items to define your own user-defined filters for displaying the tables and columns.

      For more information about working with user-defined filters in the Designer, see One Identity Manager User Guide for One Identity Manager Tools User Interface.

Displaying permissions for tables

In the Permissions Editor, the Summary of all permissions view displays the permissions groups that have permissions for the selected column. The permissions in this view cannot be edited.

NOTE: To display the Summary of all permissions view, go to the Permissions Editor and enable View > Object permissions menu. The view is displayed in the lower area of the Permissions Editor.

To display all permissions for a table and its columns

  1. In the Designer, select the table in the Permissions > By tables category.

  2. Start the Permissions Editor using the Edit permissions for table task.

    The Summary of all permissions view displays the permissions groups that have permissions for the selected table.

    TIP: To display a permissions filter completely, click a condition in the view.

  3. (Optional) To display all the column permissions, open the table entry in the upper part of the Permissions Editor and select a column.

    The Summary of all permissions view displays the permissions groups that have permissions for the selected column.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级