
Identity Manager 9.1.3 - Authorization and Authentication Guide


Copying permissions groups

The User & Permissions Group Editor provides a wizard for copying permissions and the user interface of an existing permissions group to a new permissions group.

To copy a permissions group

  1. In the Designer, select the Permissions > Permissions groups category.

  2. Select the permissions group you want to copy and start the User & Permissions Group Editor with the Edit permissions group task.

  3. Select the Permissions groups > Copy permissions group menu item.

  4. On the start page of the wizard for copying permissions groups, click Next.

  5. On the Select permissions group page, enter the following information:

    • Select permissions group to copy: The permissions group is pre-selected.

    • Copy name: Name of the new permissions group. A name suggestion is already entered that you can modify. Ensure that the permissions group name begins with the prefix CCC.

  6. On the Select copy options page, specify which permissions group relations are to be copied. You can select multiple options. The following copy options are available.

    Table 22: Copy options for permissions groups

    | Option | Description |
    |---|---|
    | Permissions | Enable this option to copy the table permissions and column permissions of the selected permissions group to the new permissions group. |
    | User interface | Enable this option to copy the menu items, the forms and the task definitions of the selected permissions group to the new permissions group. |
    | System user | Select this option if the system user should be copied to the new permissions group. |

    NOTE: Predefined system users are not included in the new permissions group.

  7. To start compiling, click Next.

    The copying process may take some time.

  8. The Copy permissions group page shows the individual copy steps and any error messages. When the copy action is complete, click Next.

  9. To end the wizard, click Finish on the last page.


Creating permissions groups

To create a permissions group

  1. In the Designer, select the Permissions category.

  2. Start the User & Permissions Group Editor with the Show / edit permissions group task.

  3. Add a new permissions group using the Permissions groups > New menu item.

  4. Edit the main data of the permissions group.

  5. Select the Database > Commit to database menu item and click Save.


Permissions group properties

Table 23: Properties of a permissions group

| Property | Description |
|---|---|
| Permissions group | Name of the permissions group. Label custom permissions groups with the prefix CCC. |
| Description | Detailed description of the permissions group's purpose. |
| Remarks | Text field for additional explanation. |
| Preprocessor condition | You can add a preprocessor condition to permissions groups. This means that the permissions group is only effective when the condition is met. |
| Permissions group binary pattern | The permissions group binary pattern is used to calculate effective system user permissions. It is provided by the DBQueue Processor. |
| Only use for role-based authentication | This group includes permissions, form assignments, menu items and program functions for role-based authentication. The permissions group can be assigned to One Identity Manager application roles and is assigned to dynamically determined system users. A direct assignment to non-dynamic system users is not permitted. |

NOTE: This function is available if the Identity Management Base Module is installed.


Editing system users

One Identity Manager provides various system users whose permissions are matched to the various tasks. Create your own system users if required. Add the system users to permissions groups to grant them permissions for the tables and columns of the One Identity Manager schema and to make the user interface available to them.

A system user's effective permissions are not saved in the One Identity Manager schema. They are determined and loaded when the user logs in to the One Identity Manager tools.

When installing the One Identity Manager database using the Configuration Wizard, create an administrative system user that is added to non-role-based permissions groups and receives all the permissions of the viadmin default system user.

In the Designer, system users are displayed in the Permissions > System users category. This shows you an overview of the permissions groups that are assigned to each individual system user. Use the Designer to create and edit your system users in the User & Permissions Group Editor.

You can run the following tasks:

  • Create new system users, such as administrative system users or system users for service accounts

  • Configure password settings for system users

  • Add system users to permissions groups

  • Determine which employees use a system user
