
Identity Manager 9.2.1 - Identity Management Base Module Administration Guide


Main data of exclude lists for dynamic roles

The following main data is displayed for an identity in the exclusion list of a dynamic role.

Table 6: Main data of exclude lists for dynamic roles

| Property | Description |
| --- | --- |
| Identity | Unique identifier of the excluded identity. |
| Description | Reason for excluding the identity. If the identity is excluded because attestation was denied or due to a rule violation, a standard reason is entered here. |
| Condition not applicable | Specifies whether the dynamic role condition applies to the excluded person. If the option is disabled, the condition applies. TIP: If the option is enabled, the identity can be removed from the exclusion list. For more information, see Removing identities from the exclusion list. |
| Not assigned by dynamic role | Specifies whether the excluded identity is still assigned to the role in another way. Identities can also become members of the role directly, by assignment request, or by delegation. The exclusion list does not influence these assignments. |
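The exclusion list properties above can be read as a small membership model. The following Python sketch is an added example, not One Identity Manager code: it computes who ends up in a role and derives the two flags for each excluded identity, so that excluded identities who keep the role through another path stand out during review. All names, the sample identities, and the reason texts are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Exclusion:
    identity: str
    description: str  # reason for the exclusion (constructed text)

def evaluate_dynamic_role(identities, condition, exclusions, other_assignments):
    """Model one dynamic role (hypothetical helper, not a product API).

    identities: identity -> attributes
    condition: predicate standing in for the dynamic role's Condition
    other_assignments: identity -> set of paths ("direct", "request", "delegation")
    """
    excluded = {e.identity for e in exclusions}
    matched = {i for i, attrs in identities.items() if condition(attrs)}
    # The exclusion list only removes memberships created by the dynamic role.
    members = (matched - excluded) | {i for i, p in other_assignments.items() if p}
    rows = []
    for e in exclusions:
        paths = other_assignments.get(e.identity, set())
        rows.append({
            "identity": e.identity,
            "description": e.description,
            # Enabled when the condition no longer matches the identity.
            "condition_not_applicable": e.identity not in matched,
            # Enabled when the identity still holds the role another way.
            "not_assigned_by_dynamic_role": bool(paths),
            "other_paths": sorted(paths),
        })
    return members, rows

def still_members(rows):
    """Excluded identities that keep the role despite the exclusion."""
    return [r["identity"] for r in rows if r["not_assigned_by_dynamic_role"]]

def in_finance(attrs):
    return attrs.get("department") == "Finance"

# Constructed sample data.
IDENTITIES = {
    "alice": {"department": "Finance"},
    "bob": {"department": "Finance"},
    "carol": {"department": "Sales"},
    "dave": {"department": "Finance"},
}
EXCLUSIONS = [Exclusion("bob", "attestation denied"),
              Exclusion("carol", "left department")]
OTHER = {"bob": {"direct"}, "carol": set()}
```

In this sample, bob is excluded after a denied attestation but remains a member through a direct assignment, which is the case a reviewer needs to follow up separately.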


Displaying the dynamic role overview

You can display the most important information about a dynamic role on the overview form.

To obtain an overview of a dynamic role

  1. In the Manager, select the role for which the dynamic role was created, for example, the department.

  2. Open the role's overview form.

  3. Select Dynamic roles and click on the dynamic role.

  4. Select the Dynamic role overview task.

  5. Select the report Show overview.

    The report provides a summary of key information about a dynamic role, including the schedule, excluded identities, and recalculation properties.

Main data for dynamic roles

Enter the following data for a dynamic role.

Table 7: Dynamic role main data
| Property | Description |
| --- | --- |
| Role/Organization | Role (department, cost center, location, business role, IT Shop node, application node) referenced by the dynamic role. This data is preset with the selected role. |
| Object class | Object class that the dynamic role applies to. Choose between Identity, Device, and Workdesk. NOTE: The combination of object class and role must be unique. Two dynamic roles of the same object class cannot refer to the same role. |
| Dynamic role | Name of the dynamic role. |
| Calculation schedule | Schedule that triggers cyclical recalculation of the role membership. To create a schedule, click . Enter the schedule's main data. |
| Description | Text field for additional explanation. |
| Condition | Defines which objects of the object class become members of the selected role. For more information, see Tips about conditions for dynamic roles. |
| No recalculation of assignments | Specifies whether to recalculate memberships. If the option is enabled, role memberships will not be recalculated automatically. Existing role memberships remain as they are. |
| Immediate recalculation of assignments | Specifies whether the dynamic role is recalculated if changes are made to specified properties. If the option is enabled, specify the properties for recalculation. |
| Recalculation property: Property | Property whose change triggers an immediate recalculation of the dynamic role. |
| Recalculation property: Disabled | Specifies whether immediate recalculation of the property is disabled. |


Departments, cost centers, and locations

Departments, cost centers, locations, and business roles are each mapped to their own hierarchy under Organizations. This is due to their special significance for daily work schedules in many companies. Various company resources can be assigned to organizations, for example, permissions in different SAP systems or Azure Active Directory tenants. You can add identities to single roles as members. Identities obtain their company resources through these assignments when One Identity Manager is appropriately configured.
