立即与支持人员聊天
与支持团队交流

Identity Manager 9.1.2 - Identity Management Base Module Administration Guide

Basics for mapping company structures in One Identity Manager Dynamic roles Departments, cost centers, and locations
One Identity Manager users for managing departments, cost centers, and locations Basic information for departments, cost centers, and locations Creating and editing departments Creating and editing cost centers Creating and editing locations Setting up IT operating data for departments, cost centers, and locations Assigning employees, devices, and workdesks to departments, cost centers, and locations Assigning company resources to departments, cost centers, and locations Creating dynamic roles for departments, cost centers, and locations Dynamic roles with incorrectly excluded employees Assign organizations Specifying inheritance exclusion for departments, cost centers, and locations Assigning extended properties to departments, cost centers, and locations Certifying departments, cost centers, and locations Reports about departments, cost centers, and locations
Employee administration
One Identity Manager users for employee administration Basic data for employee main data Employee's central user account Employee's default email address Employee's central password Mapping multiple employee identities Password policies for employees Creating and editing employees Disabling and deleting employees Deleting all employee related data Limited access to One Identity Manager Changing the certification status of employees Assigning company resources to employees Displaying the origin of employees' roles and entitlements Analyzing role memberships and employee assignments Displaying the employees overview Displaying and deleting employees' Webauthn security keys Determining the language for employees Determining employees working hours Manually assigning user accounts to employees Entering calls for employees Assigning extended properties to employees Employee reports
Managing devices and workdesks Managing resources Setting up extended properties Configuration parameters for managing departments, cost centers, and locations Configuration parameters for managing employees Configuration parameters for managing devices and workdesks

Dynamic roles with incorrectly excluded employees

In the Manager, you can obtain an overview of all the dynamic roles with conflicting entries in the exclude list. This means that for at least one item in the list the following applies:

  • The dynamic role condition does not apply.

    For example, this might occur if the dynamic role condition was changed after a person was entered in the exclude list.

    - OR -

  • The excluded person is also assigned to the role in another way

    such as through inheritance or direct assignment.

Check these entries and correct the assignments.

To check conflicting entries of departments, locations, or cost centers in the exclusion list

  1. In the Manager, select the Organizations > Troubleshooting > Dynamic roles with potentially incorrect excluded employees category.

  2. Select the dynamic role in the result list.

  3. Select the Exclude employees task.

    In the exclusion list you can see which employees are affected by the given conditions.

Related topics

Assign organizations

Use this task to map the relationships of a department, cost center of a location to other roles. This task has the same effect as assigning a department, cost center, or location on the role main data form. The assignment is entered in the respective foreign key column in the base table.

To assign a cost center or location to departments

  1. In the Manager, select the Organizations > Cost centers or the Organizations > Locations category.

  2. Select the role in the result list.

  3. Select the Assign organizations task.

  4. Select the Departments tab.

  5. In the Add assignments pane, assign departments.

    The selected role is primarily assigned to all departments as a cost center or location.

  6. Save the changes.

To assign a department or a location to cost centers

  1. In the Manager, select the Organizations > Departments or the Organizations > Locations category.

  2. Select the role in the result list.

  3. Select the Assign organizations task.

  4. Select the Cost centers tab.

  5. In the Add assignments pane, assign cost centers.

    The selected role is primarily assigned to all cost centers as a department or location.

  6. Save the changes.

To assign a department or a cost center to locations

  1. In the Manager, select the Organizations > Departments or the Organizations > cost centers category.

  2. Select the role in the result list.

  3. Select the Assign organizations task.

  4. Select the Locations tab.

  5. In the Add assignments pane, assign locations.

    The selected role is primarily assigned to all locations as a department or cost center.

  6. Save the changes.

Specifying inheritance exclusion for departments, cost centers, and locations

You can define conflicting roles to prevent employees, devices, or workdesks from being assigned to several roles at the same time and from obtaining mutually exclusive company resources through these roles. At the same time, specify which departments, cost centers, and locations are mutually exclusive. This means you may not assign these roles to one and the same employee (device, workdesk).

NOTE: Only roles, which are defined directly as conflicting roles cannot be assigned to the same employee (device, workdesk). Definitions made on parent or child roles do not affect the assignment.

To configure inheritance exclusion

  • In the Designer, set the QER | Structures | ExcludeStructures configuration parameter and compile the database.

    NOTE: If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

To define inheritance exclusion for a departments

  1. In the Manager, select the Organizations > Departments category.

  2. Select the department in the result list.

  3. Select Edit conflicting departments.

  4. In the Add assignments pane, assign departments that are mutually exclusive to the selected department.

    - OR -

    In the Remove assignments pane, remove the departments that are no longer mutually exclusive.

  5. Save the changes.

To define inheritance exclusion for a cost center

  1. In the Manager, select the Organizations > Cost centers category.

  2. Select the cost center in the result list.

  3. Select Edit conflicting cost centers.

  4. In the Add assignments pane, assign cost centers that are mutually exclusive to the selected cost center.

    - OR -

    In the Remove assignments pane, remove the cost centers that are no longer mutually exclusive.

  5. Save the changes.

To define inheritance exclusion for a cost center

  1. In the Manager, select the Organizations > Locations category.

  2. Select the location in the result list.

  3. Select Edit conflicting locations.

  4. In the Add assignments pane, assign locations that are mutually exclusive to the selected location.

    - OR -

    In the Remove assignments pane, remove the locations that are no longer mutually exclusive.

  5. Save the changes.
Detailed information about this topic

Assigning extended properties to departments, cost centers, and locations

You can assign extended properties to departments, cost centers, and locations. Extended properties are meta objects, such as operating codes, cost codes, or cost accounting areas that cannot be mapped directly in One Identity Manager.

To set extended properties

  1. In the Manager, select the Organizations > <role class> category.

  2. Select the role in the result list.

  3. Select Assign extended properties.

  4. In the Add assignments pane, assign extended properties.

    TIP: In the Remove assignments pane, you can remove assigned extended properties.

    To remove an assignment

    • Select the extended property and double-click .

  5. Save the changes.
Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级