Here, you can enter values that classify the business role and are used to analyze its risk with respect to identity audit.
Table 12: Main data of a business role's functional area

| Property | Description |
|---|---|
| Functional area | Department functional area. This data is required for the department's risk assessment. |
| Risk index (calculated) | A risk index is calculated for the department risk assessment based on assigned company resources. This input field is only visible if the QER \| CalculateRiskIndex configuration parameter is set. For more information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide. |
| Transparency index | Specifies how well you can trace location assignments. Use the slider to enter a value between 0 and 1. 0: no transparency. 1: full transparency. |
| Max. number of rule violations | Number of rule violations allowed in this business role. The value can be evaluated when compliance rules are checked. For more information, see the One Identity Manager Compliance Rules Administration Guide. NOTE: This property is only available if the Compliance Rules Module is installed. |
| Turnover for this unit | Business role's turnover. |
| Earnings for this unit | Business role's earnings. |
Enter any custom master data. Use the Designer to customize display names, formats, and templates for the input fields.
Table 13: Custom main data for a support team

| Property | Description |
|---|---|
| Spare field no. 01 ... Spare field no. 10 | Additional company-specific information. |
| Spare date no. 01 ... Spare date no. 03 | Additional company-specific information. |
In order for identities, devices, and workdesks to inherit company resources, you must assign the objects to roles.
TIP: Use dynamic roles to assign identities, devices, and workdesks to business roles automatically.
To add identities, devices, and workdesks to a business role
- In the Manager, select the Business roles > <role class> category.
- Select the business role in the result list.
- Select the appropriate task.
  - Assign identities
  - Assign devices
  - Assign workdesks
- In the Add assignments pane, assign objects.
  TIP: In the Remove assignments pane, you can remove object assignments.
  To remove an assignment
- Save the changes.
The default method of assigning identities, devices, and workdesks is indirect assignment. This allocates an identity, a device or a workdesk to business roles, cost centers, or locations. The total of assigned company resources for an identity, a device or workdesk is calculated from their position within the hierarchy, the direction of inheritance and the company resources assigned to these roles.
Indirect assignment is divided into:
- Secondary assignment
  You make a secondary assignment by classifying an identity, a device, or a workdesk within a role hierarchy. Secondary assignment is the default method for assigning and inheriting company resources through roles.
  IMPORTANT: You use role classes to specify whether a secondary assignment of company resources is possible.
  If an identity, a device, or a workdesk fulfills the requirements of a dynamic role, the object is added dynamically to the corresponding company structure and can obtain company resources through it.
- Primary assignment
  You make a primary assignment using a business role, cost center, or location foreign key reference in identity, device, and workdesk objects. Primary assignment inheritance can be enabled through configuration parameters.
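The following is a simplified model of the calculation described above, added here as an illustration; it is not One Identity Manager code. It assumes that top-down inheritance passes a role's resources to members of its child roles and bottom-up inheritance does the reverse. The names Role, allow_secondary, and primary_inherits are hypothetical stand-ins for the role class and configuration parameter settings.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Role:
    name: str
    parent: Optional[str] = None
    resources: set = field(default_factory=set)
    allow_secondary: bool = True  # assumption: stands in for the role class setting

def roles_in_scope(roles, start, direction):
    """Roles whose resources reach a member of `start` (assumed semantics)."""
    if direction == "top-down":  # the role plus all of its ancestors
        scope, cur = [], start
        while cur is not None:
            scope.append(cur)
            cur = roles[cur].parent
        return scope
    scope, stack = [], [start]   # bottom-up: the role plus all of its descendants
    while stack:
        cur = stack.pop()
        scope.append(cur)
        stack.extend(r.name for r in roles.values() if r.parent == cur)
    return scope

def effective_resources(roles, identity, direction="top-down", primary_inherits=False):
    """Map each inherited resource to every (kind, member-of, granted-by) path."""
    starts = [("secondary", r) for r in identity["secondary"]
              if roles[r].allow_secondary]
    if primary_inherits and identity.get("primary"):
        starts.append(("primary", identity["primary"]))
    grants = {}
    for kind, start in starts:
        for role in roles_in_scope(roles, start, direction):
            for res in roles[role].resources:
                grants.setdefault(res, set()).add((kind, start, role))
    return grants

# Constructed sample data, not taken from a real installation.
ROLES = {r.name: r for r in [
    Role("Finance", resources={"AD group FIN-Share-Read"}),
    Role("Accounts Payable", parent="Finance", resources={"SAP role AP_CLERK"}),
    Role("Project X", resources={"AD group PX-Admins"}, allow_secondary=False),
]}
IDENTITY = {"secondary": ["Accounts Payable", "Project X"], "primary": "Finance"}

if __name__ == "__main__":
    for flag in (False, True):
        result = effective_resources(ROLES, IDENTITY, primary_inherits=flag)
        for res, paths in sorted(result.items()):
            print(flag, res, sorted(paths))
```

Listing every grant path shows, during an access review, why removing a single role membership may not revoke a resource: with primary inheritance enabled, the Finance resource in the sample is reachable through both the secondary and the primary assignment.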
You must assign company resources to business roles, cost centers, or locations so that identities, devices, and workdesks can inherit company resources. The following table shows the possible company resource assignments.
NOTE: Company resources are defined in the One Identity Manager modules and are not available until the modules are installed.
Table 14: Possible company resource assignments

| Company resource | Available in module |
|---|---|
| Resources | always |
| Account definitions | Target System Base Module |
| Groups of custom target systems | Target System Base Module |
| System entitlements of custom target systems | Target System Base Module |
| Active Directory groups | Active Directory Module |
| SharePoint groups | SharePoint Module |
| SharePoint roles | SharePoint Module |
| LDAP groups | LDAP Module |
| Notes groups | Domino Module |
| SAP groups | SAP R/3 User Management Module |
| SAP profiles | SAP R/3 User Management Module |
| SAP roles | SAP R/3 User Management Module |
| SAP parameters | SAP R/3 User Management Module |
| Structural profiles | SAP R/3 Structural Profiles Add-on Module |
| BI analysis authorizations | SAP R/3 Analysis Authorizations Add-on Module |
| E-Business Suite permissions | Oracle E-Business Suite Module |
| System roles | System Roles Module |
| Subscribable reports | Report Subscription Module |
| Software | Software Management Module |
| Azure Active Directory groups | Azure Active Directory Module |
| Azure Active Directory administrator roles | Azure Active Directory Module |
| Azure Active Directory subscriptions | Azure Active Directory Module |
| Disabled Azure Active Directory service plans | Azure Active Directory Module |
| Unix groups | Unix Based Target Systems Module |
| Cloud groups | Cloud Systems Management Module |
| Cloud system entitlements | Cloud Systems Management Module |
| PAM user groups | Privileged Account Governance Module |
| Google Workspace groups | Google Workspace Module |
| Google Workspace products and SKUs | Google Workspace Module |
| SharePoint Online groups | SharePoint Online Module |
| SharePoint Online roles | SharePoint Online Module |
| OneLogin roles | OneLogin Module |
To add company resources to a hierarchical role
- In the Manager, select the Business roles > <role class> category.
- Select the role in the result list.
- Select the task to assign the corresponding company resource.
- In the Add assignments pane, assign company resources.
  TIP: In the Remove assignments pane, you can remove company assignments.
  To remove an assignment
  - Select the company resource and double-click .
- Save the changes.