Displaying permissions for objects
You can display object properties and permissions in One Identity Manager tools.
NOTE: The Manager must be running in expert mode to show object properties.
To view an object's permissions
-
Select the object and open the Properties context menu.
-
Select the Permissions tab.
On the Permissions tab, based on the permissions groups, you see what permissions apply to an object. The first entry shows the basic permissions for the table. The permissions for this particular object are displayed beneath that. The other entries show the column permissions.
TIP: Double-click the table entry, the object entry, or a column entry to display the permissions group from which the permissions were determined.
Table 26: Icon used for permissions
|
|
Permissions exist. |
|
|
Permissions have been removed by the object layer. |
|
|
Permissions limited by conditions. |
Displaying permissions for the current user
To get more information about the current user
Table 27: Extra information about the current user
|
System users |
Name of system user |
|
Authenticated by |
Name of the authentication module used for logging in. |
|
Employee UID (UserUID) |
Unique ID for the current user’s employee if an employee related authentication module is used to log in. |
|
SQL access level |
Access level of the database server used to log in. |
|
Read-only |
The system user has only has read permissions. Modification to data are not possible. |
|
Dynamic user |
The current user uses a dynamic system user. Dynamic system users are applied when a role-based authentication module is used. |
|
Administrative user |
The current user uses an administrative system user. |
|
Remarks |
More details about the system user in use. |
|
Permissions group |
Permissions groups that are assigned to the system user. The permissions groups determine the user's user interface and object permissions. |
|
Program functions |
Program functions assigned to the system user The menu items and functions available depend on the program functions. |
Assigning role-based permissions groups to an applications
If you assign a permissions group to an application, the permissions of the group apply only to this application. When a user logs on to the application, they receive the permissions of the permissions group in addition to their own permissions.
To assign a role-based permissions group to an application
-
In the Designer, select the Permissions > Permissions groups > Role based permissions groups category.
-
Select View > Select table relations and enable the DialogGroupInProductLimited table.
-
In the List Editor, select the permissions group.
-
Assign the application in the Applications edit view.
-
Select the Database > Save to database and click Save.
For detailed information about applications in One Identity Manager, see the One Identity Manager Configuration Guide.
Managing permissions to program features
Program functions are part of the permission model in One Identity Manager. They allow you to enable and disable features. Program functions are not assigned to single users but to permissions groups. The set of program functions defined for a user is determined by their permissions groups and the program functions contained in them.
One Identity Manager tools can only be started if the user has the relevant program function permissions. Furthermore, some functions in the One Identity Manager tools are available only if the program functions are assigned to the current user. This includes data export from the Manager, calling the SQL Editor in the Designer or showing DBQueue Processor information in all programs, as examples.
Detailed information about this topic
icon in the program status bar.