立即与支持人员聊天
与支持团队交流

Identity Manager 8.2.1 - Business Roles Administration Guide

Managing business roles
One Identity Manager users for business roles Hierarchical role structure basic principles Basic principles for assigning company resources Basics of calculating inheritance Preparing business roles for company resource assignments Base data for business roles Creating and editing business roles Assigning employees, devices, and workdesks to business roles Assigning business roles to company resources Analyzing role memberships and employee assignments Setting up IT operational data for business roles Creating dynamic roles for business roles Assign organizations Defining inheritance exclusion for business roles Assigning extended properties to business roles Creating assignment resources for application roles Dynamic roles for business roles with incorrectly excluded employees Reports about business roles
Role mining in One Identity Manager

Discontinuing inheritance

There are particular cases where you may not want to have inheritance over several hierarchical levels. That is why it is possible to discontinue inheritance within a hierarchy. The point at which the inheritance should be discontinued within a hierarchy is specified by the Block inheritance option. The effects of this depend on the chosen direction of inheritance.

  • Roles marked with the Block inheritance option do not inherit any assignments from parent levels in top-down inheritance. It can, however, pass on its own directly assigned company resources to lower level structures.

  • In bottom-up inheritance, the role labeled with the “Block inheritance” option inherits all assignments from lower levels in the hierarchy. However, it does not pass any assignments further up the hierarchy.

The Block inheritance option does not have any effect on the calculation of the manager responsible.

Example: Discontinuing inheritance top-down

If the Block inheritance option is set for the "Sales" department in the top-down example, it results in sales employees only being assigned the "Address management" software and employees in the "Dealer sales" department inherit the "Address management" and "Internet" software. Software applications in the "Entire organization" department are however, assigned to employees in the "Sales" and "Dealer sales" departments.

Figure 3: Discontinuing inheritance top-down

Example: Discontinuing inheritance bottom-up

An employee from the "Programming" project group receives software applications from the project group as well as those from the projects groups below. In this case, the development environment, assembler tool and the prototyping tool. If the "Programming" project group has labeled with the Block inheritance option, it no longer passes down inheritance. As a result, only the CASE tool is assigned to employees in the "Project lead" project group along with the software application project management. Software applications from the "Programming", "System programming", and "Interface design" projects groups are not distributed to the project lead.

Figure 4: Discontinuing inheritance bottom-up

Related topics

Basic principles for assigning company resources

You can assign company resources to employees, devices, and workdesks in One Identity Manager. You can use different assignments types to assign company resources.

Assignments types are:

Direct company resource assignments

Direct assignment of company resources results from the assignment of a company resource to an employee, device, or workdesk, for example. Direct assignment of company resources makes it easier to react to special requirements.

Figure 5: Schema of a direct assignment based on the example of an employee

Indirect company resource assignments

In the case of indirect assignment of company resources, employees, devices, and workdesks are arranged in departments, cost centers, locations, business roles, or application roles. The total of assigned company resources for an employee, device, or workdesk is calculated from the position within the hierarchies, the direction of inheritance (top-down or bottom-up) and the company resources assigned to these roles. In the Indirect assignment methods a difference between primary and secondary assignment is taken into account.

Figure 6: Schema of an indirect assignment based on the employee example

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级