立即与支持人员聊天
与支持团队交流

Identity Manager 8.1.5 - Installation Guide

About this guide One Identity Manager overview Installation prerequisites Installing One Identity Manager Installing and configuring the One Identity Manager Service Automatic updating of One Identity Manager Updating One Identity Manager Installing and updating an application server Installing the API Server Installing, configuring, and maintaining the Web Portal Installing and updating the Manager web application Logging in to One Identity Manager tools Troubleshooting Creating a One Identity Manager database for a test or development environment from a database backup Advanced configuration of the Manager web application Machine roles and installation packages

Permissions for the One Identity Manager database in a managed instance in an Azure SQL Database

The following users are identified for using a One Identity Manager database in a managed instance in the Azure SQL Database with the granular permissions concept. User permissions at server and database level are matched to their tasks.

  • Installation user

    The installation user is needed for the initial installation of a One Identity Manager database using the Configuration Wizard.

  • Administrative user

    The administrative user is used by One Identity Manager components that require permissions at server and database level, including for example the Configuration Wizard, DBQueue Processor, or the One Identity Manager Service.

  • Configuration user

    The configuration user can execute configuration tasks within One Identity Manager, for example, creating customer-specific schema extensions or working with the Designer. Configuration users need permissions at the server and database levels.

  • End user

    End users are only assigned permissions at database level in order, for example, to complete tasks with the Manager or the Web Portal.

Permissions for installation users

A SQL Server login and a database user with the following permissions must be provided for the installation user.

SQL Server:

  • Member of dbcreator server role

    The server role is only required if the database is created using the Configuration Wizard.

  • Member of securityadmin server role

    This server role is required to create SQL Server logins.

  • view server state permissions with the with grant option option and alter any connection permissions with the with grant option option.

    The permissions are required to check connections and close these if necessary.

  • alter any server role permissions

    The permissions are required to create the server role for the administrative user.

msdb database:

  • Select permissions with the with grant option option for the dbo.sysjobs, sysjobsteps, dbo.sysjobschedules, dbo.sysjobactivity, dbo.sysschedules, and dbo.sysjobhistory tables

    The permissions are required to execute and monitor database schedules.

  • alter any user permissions

    The permissions are required to create the necessary database users for the administrative user.

  • alter any role permissions

    This permission is required to create the necessary database role for the administrative user.

master database:

  • alter any user permissions

    The permissions are required to create the necessary database users for the administrative user.

  • alter any role permissions

    This permission is required to create the necessary database role for the administrative user.

  • Execute permissions with the with grant option option for the xp_readerrorlog procedure

    The permissions are required to find out information about the database server's system status.

  • Execute permissions with the with grant option option for the xp_sqlagent_is_starting, xp_sqlagent_notify, and xp_sqlagent_enum_jobs procedures

    The permissions are required to execute and monitor database schedules.

One Identity Manager database:

  • Member of the db_owner database role

    This database role is only required if you wish to use an existing database or a schema update is performed when installing the schema with the Configuration Wizard.

Permissions for administrative users

During the installation of the One Identity Manager database using the Configuration Wizard, the following principal elements and permissions are created for the administrative user:

SQL Server:

  • OneIMAdminRole_<DatabaseName> server role

    • alter any server role permissions

      The permissions are required to create the server role for the configuration user.

    • view any definition permissions

      The permissions are required to link the SQL Server logins for the configuration user and the end user with the corresponding database users.

  • <DatabaseName>_Admin SQL server login

    • Member of the OneIMAdminRole_<DatabaseName> server role

    • view server state permissions with the with grant option option, and alter any connection permissions with the with grant option option

      The permissions are required to check connections and close these if necessary.

msdb database:

  • OneIMRole_<DatabaseName> database role
    • Member of the SQLAgentUserRole database role

      The database role is required to execute database schedules.

    • Select permissions for the dbo.sysjobs,sysjobsteps, dbo.sysjobschedules, dbo.sysjobactivity, dbo.sysschedules and dbo.sysjobhistory tables

      The permissions are required to execute and monitor database schedules.

  • OneIM_<DatabaseName> database user
    • Member of the OneIMRole_<DatabaseName> database role

    • The database user is assigned to the <DatabaseName>_Admin SQL server login.

master database:

  • OneIMRole_<DatabaseName> database role

    • Execute permissions for the xp_readerrorlog procedure

      The permissions are required to find out information about the database server's system status.

    • Execute permissions for the xp_sqlagent_is_starting, xp_sqlagent_notify, and xp_sqlagent_enum_jobs procedures

      The permissions are required to execute and monitor database schedules.

  • OneIM_<DatabaseName> database user
    • Member of the OneIMRole_<DatabaseName> database role

    • The database user is assigned to the <DatabaseName>_Admin SQL server login.

One Identity Manager database:

  • Admin database user

    • Member in db_owner database role

      The database role is required to update a database with the Configuration Wizard.

    • The database user is assigned to the <DatabaseName>_Admin SQL server login.

Permissions for configuration users

During the installation of the One Identity Manager database using the Configuration Wizard, the following principal elements and permissions are created for configuration users:

SQL Server:

  • OneIMConfigRole_<DatabaseName> server role

    • view server state and alter any connection permissions

      The permissions are required to check connections and close these if necessary.

  • <DatabaseName>_Config SQL login

    • Member of the OneIMConfigRole_<DatabaseName> server role

One Identity Manager database:

  • OneIMConfigRoleDB database role

    • Create Procedure, Delete, Select, Create table, Update, Checkpoint, Create View, Insert, Execute, and Create function permissions for the database
  • Config database user

    • Member of the OneIMConfigRoleDB database role
    • The database user is connected with the <DatabaseName>_ConfigSQL Server login.
Permissions for end users

The following principals are created with the permissions for end users during the installation of the One Identity Manager database with the Configuration Wizard:

SQL Server:

  • <DatabaseName>_User SQL login

One Identity Manager database:

  • OneIMUserRoleDB database role

    • Insert, Update, Select, and Delete permissions for selected tables in the database
    • View Definition permissions for the database
    • Execute and References permissions for individual functions, procedures, and types
  • User database user

    • Member of the OneIMUserRoleDB database role
    • The database user is connected with the <DatabaseName>_User SQL Server login.

Minimum system requirements for administrative workstations

One Identity Manager administration and configuration tools are installed on an administrative workstation in order to edit and display data.

The following system prerequisites must be guaranteed for installing tools on an administrative workstation.

Table 9: Minimum system requirements - administrative workstations

Processor

4 physical cores 2 GHz+

Memory

4 GB+ RAM

Hard drive storage

1 GB

Operating system

Windows operating systems

Following versions are supported:

  • Windows 10 (32-bit or 64-bit) minimum version 1511
  • Windows 8.1 (32-bit or 64-bit) with the current Service Pack
  • Windows 7 (32-bit or non-Itanium 64-bit) with the current service pack

Additional software

  • Microsoft .NET Framework Version 4.7.2 or later

Supported browsers

  • Internet Explorer 11 or later
  • Firefox (Release Channel)
  • Chrome (Release Channel)
  • Microsoft Edge (Release Channel)

Minimum system requirements for the service server

The One Identity Manager Service enables the distribution of the information that is administrated in the One Identity Manager database throughout the network. The One Identity Manager Service performs data synchronization between the database and any connected target systems and executes actions at the database and file level.

The following system prerequisites must be fulfilled to install the One Identity Manager Service on a server.

Table 10: Minimum system requirements - services server

Processor

8 physical cores 2.5 GHz+

Memory

16 GB RAM

Hard drive storage

40 GB

Operating system

Windows operating systems

The following versions are supported:

  • Windows Server 2008 R2 (non-Itanium based 64-bit) service pack 1 or later

  • Windows Server 2012

  • Windows Server 2012 R2

  • Windows Server 2016

  • Windows Server 2019

Linux operating systems

  • Linux operating system (64-bit), supported by the Mono project, or Docker images provided by the Mono project.

Additional software

Windows operating systems

  • Microsoft .NET Framework Version 4.7.2 or later

    NOTE: Take the target system manufacturer's recommendations for connecting the target system into account.

Linux operating systems

  • Mono 5.14 or higher

    NOTE: In newer versions of Mono, starting with version 6.10, set the MONO_PATH environment variable explicitly to the current install directory to ensure that all referenced assemblies can be loaded.

Related topics

Minimum system requirements for the web server

The following system prerequisites must be fulfilled to install web applications on a web server.

Table 11: System requirements - web server

Processor

4 physical cores 1.65 GHz+

Memory

4 GB RAM

Hard drive storage

40 GB

Operating system

Windows operating systems

The following versions are supported:

  • Windows Server 2008 R2 (non-Itanium based 64-bit) service pack 1 or later

  • Windows Server 2012

  • Windows Server 2012 R2

  • Windows Server 2016

  • Windows Server 2019

Linux operating systems

  • Linux operating system (64-bit), supported by the Mono project, or Docker images provided by the Mono project. Note the operating system manufacturer's minimum requirements for Apache HTTP Server.

Additional software

Windows operating systems

  • Microsoft .NET Framework Version 4.7.2 or later

  • Microsoft Internet Information Services 10 or 8.5 or 8 or 7.5 or 7 with ASP.NET 4.7.2 and the Role Services:
    • Web Server | Common HTTP Features | Static Content
    • Web Server | Common HTTP Features | Default Document
    • Web Server | Application Development | ASP.NET
    • Web Server | Application Development | .NET Extensibility
    • Web Server | Application Development | ISAPI Extensions
    • Web Server | Application Development | ISAPI Filters
    • Web Server | Security | Basic Authentication
    • Web Server | Security | Windows Authentication
    • Web Server | Performance | Static Content Compression
    • Web Server | Performance | Dynamic Content Compression

Linux operating systems

  • NTP - Client
  • Mono 5.14 or higher
  • Apache HTTP Server 2.0 or 2.2 with the following modules:
    • mod_mono
    • rewrite
    • ssl (optional)
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级