立即与支持人员聊天
与支持团队交流

Identity Manager 9.1.2 - System Roles Administration Guide

Displaying the system role overview

Use this task to obtain an overview of the most important information about a system role.

To obtain an overview of a system role

  1. In the Manager, select the Entitlements > System roles category.

  2. Select the system role in the result list.

  3. Select the System role overview task.

Configuration parameters for system roles

The following configuration parameters are available in One Identity Manager after the module has been installed.

Table 7: Configuration parameters for the module
Configuration parameter Description

QER | ESet

Preprocessor relevant configuration parameter for controlling the database model components for system roles. If this parameter is set, system components are available. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

QER | Structures | Inherite | ESetExclusion

Preprocessor-relevant configuration parameter for defining the effectiveness of system roles If this parameter is set, mutually excluding system roles can be defined. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

QER | Structures | Inherite | NoESetSplitting

Specifies whether the components of a system role are already split in the hierarchical role (as previously) or not (current behavior). If this parameter is set, the system roles are not broken down into their individual components until the target of the inheritance.

The configuration parameter does not affect child system roles.

Examples of system role inheritance

The following example shows how inheritance of company resources through system roles works and what effect exclusion definitions have.

Example of a system role hierarchy

The following tables show how assignments to system roles and the system role hierarchy is mapped in the One Identity Manager database.

Table 8: System roles: assignments (ESetHasEntitlement)
System role (UID_ESet) Assignment System Role (Entitlement) Origin (XOrigin)
System role A System role A1 1
System role A System role A2 1
System role A System role A11 2
System role A System role A12 2
System role A1 System role A11 1
System role A1 System role A12 1
System role A1 System entitlement 1
System role A2 Software 1
System role A11 Active Directory group 1
System role A12 SAP role 1
System role B Resource 1
Table 9: System role hierarchy (table ESetCollection)

System role (UID_ESet)

Child System Role (UID_ESetChild)

System role A System role A
System role A System role A1
System role A System role A2
System role A System role A11
System role A System role A12
System role A1 System role A1
System role A1 System role A11
System role A1 System role A12
System role A11 System role A11
System role A12 System role A12
System role A2 System role A2
System role B System role B
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级