Managing my system roles
System roles combine company resources that must always be assigned to identities together into a single package. Different types of company resources can be grouped into one system role, such as Active Directory groups, software, and resources. System roles can be assigned to user accounts, requested, or inherited through hierarchical roles. Employees and workdesks inherit company resources assigned to the system roles.
You can perform a variety of actions regarding system roles that you manage and gather information about them.
Detailed information about this topic
Displaying my system roles
You can display all the system roles for which you are responsible.
To display system roles
-
Open the home page.
-
On the Home page, in the My Responsibilities tile, click System roles.
This opens the System Roles page and displays all the system roles for which you are responsible.
-
(Optional) To display details of a system role, click Edit next to the system role.
Displaying and editing my system roles' main data
You can edit the main data of the system roles for which you are responsible.
To display and edit a system role's main data
-
Open the home page.
-
On the Home page, in the My Responsibilities tile, click System roles.
-
On the System Roles page, next to the system role whose main data you want to show/edit, click Edit.
-
In the Edit System Role pane, make your changes in the corresponding fields.
Table 29: System role main data
|
System role |
Enter a full, descriptive name for the system role. |
|
Display name |
Enter a name for displaying the system role in the One Identity Manager tools. |
|
Internal product name |
Enter a company internal name for the system role. |
|
System role type |
Select the role type of the system role.
The system role type specifies which type of company resources make up the system role. |
|
Service item |
Shows you the associated service item. |
|
System role manager |
Click Change and select the identity responsible for the system role. This identity can edit the system role's main data and be used as an attestor for system role properties.
If the system role can be requested in the IT Shop, the manager will automatically be a member of the application role for product owners assigned the service item. |
|
Comment |
Enter a comment for the system role. |
|
IT shop |
Select the check box if the system role can also be requested through the IT Shop. This system role can be requested by identities through the Web Portal and the request granted by a defined approval process. The system role can still be assigned directly to identities and hierarchical roles. For more information about IT Shop, see the One Identity Manager IT Shop Administration Guide. |
|
Only use in IT Shop |
Select the check box if the system role can only be requested through the IT Shop. This system role can be requested by identities through the Web Portal and the request granted by a defined approval process. The system role may not be assigned directly to hierarchical roles. |
-
Click Save.
Managing my system role memberships
As soon as a system role is assigned to an identity, the identity becomes a member in the system role.
Detailed information about this topic
You can edit the following main data.