You can view pending changes in the Manager. Here, manual, and automatic provisioning processes are shown.
To display pending changes
-
In the Manager, select the Database > Pending changes menu item.
You can view pending changes in the Manager. Here, manual, and automatic provisioning processes are shown.
To display pending changes
In the Manager, select the Database > Pending changes menu item.
Pending changes are saved for a fixed period. After this period has expired, the entries are deleted by the DBQueue Processor from the QBMPendingChange and QBMPendingChangeDetail tables. The retention period depends on the status of provisioning processes and can be configured in the configuration parameter.
To configure the retention period for pending changes
To change the retention period for successful provisioning processes, in the Designer, edit the value of the QBM | PendingChange | LifeTimeSuccess configuration parameter. Enter a retention period in days. The default is 2 days.
To change the retention period for failed provisioning processes, in the Designer, edit the value of the QBM | PendingChange | LifeTimeError configuration parameter and enter the retention period in days. The default is 30 days.
To change the retention period for pending provisioning processes, in the Designer, edit the value of the QBM | PendingChange | LifeTimeRunning configuration parameter and enter the retention period in days. The default is 60 days.
The main feature of One Identity Manager is to map employees together with the main data and permissions available to them in different target systems. To achieve this, information about user accounts and permissions can be read from the target system into the One Identity Manager database and linked to employees. This provides an overview of the permissions for each employee in all of the connected target systems. One Identity Manager offers the option of managing user accounts and their permissions. You can provision modifications in the target systems. Employees are supplied with the necessary permissions in the connected target systems according to their function in the company. Regular synchronization keeps data consistent between target systems and the One Identity Manager database.
Because requirements vary between companies, One Identity Manager offers different methods for supplying user accounts to employees. One Identity Manager supports the following methods for linking employees and their user accounts:
Employees can automatically obtain their account definitions using user account resources. If an employee does not yet have a user account
When you manage account definitions through user accounts, you can specify the way user accounts behave when employees are enabled or deleted.
For more information about employee handling and administration, see the One Identity Manager Target System Base Module Administration Guide.
One Identity Manager has account definitions for automatically allocating user accounts to employees. You can create account definitions for every target system. If an employee does not yet have a user account in a target system, a new user account is created. This is done by assigning account definitions to an employee.
The data for the user accounts in the respective target system comes from the basic employee data.
Specify the manage level for an account definition for managing user accounts. The user account’s manage level specifies the extent of the employee’s properties that are inherited by the user account. This allows an employee to have several user accounts in one target system, for example:
Default user account that inherits all properties from the employee.
Administrative user account that is associated to an employee but should not inherit the properties from the employee.
For more detailed information about the principles of account definitions, manage levels, and determining the valid IT operating data, see the One Identity Manager Target System Base Module Administration Guide.
The following steps are required to implement an account definition:
Creating account definitions
Configuring manage levels
Creating the formatting rules for IT operating data
Collecting IT operating data
Assigning account definitions to employees and target systems
© ALL RIGHTS RESERVED. 使用条款 隐私 Cookie Preference Center