Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 17 Next »

Introduction

A role is the key element of an efficient access management. It bundles various resources of all managed systems into a logical unit that can be assigned, managed, versioned, approved and ordered. It can be used to abstract the complex infrastructure into logically grouped elements that are more understandable to the business. Each role is of a specific Role Type and has various other other properties that are described here.

Resource assignments

By placing resources into a role, each assigned Core Identity will be assigned the current resource with the specified access level given that the Core Identity types matches. When creating a resource assignment to the role you therefore have to select the appropriate identity type. This identity type will be used to determinate the Core Identity Type.

You also have the option to deny a resource assignment to ensure that every member of the current group is not allowed to be member of a given resource. This is an easy way to achieve a simple segregation of duty.

Core Identitites

All the Core Identities that are assigned to a role are displayed in the UI. Each such assignment has a reason, a valid from and a valid to. The assignment type further indicates whether this assignment was automatically created based on a rule, was assigned manually by a person or was received in the context of an delegation. You can add and remove those assignments given that you have the appropriate rights.

Approval Groups

Approval groups are a quick and easy way to implement an assignment approval process. You can quickly add groups of people and configure whether all or just one person needs to approve an assignment.

Members and Member from

You can nest roles into other roles and therefore create a tree structure of roles. This structure is displayed in the members and members from tabs.

Members

Given the example from above, the members of the role All care areas are the three roles below. If I add someone to the the All care areas role, he only receives the roles assigned to that specific role.

Member from

Given the example from above, the member from of the role All care areas is empty, as it is not member from any other role. But if we take a look at Care area A, it is member from All care areas. This also means, If I assign a Core Identity to the Care area A, that Core Identity will also become member of All care areas and hence inherit the configured resources from that role.

Resource definition templates

By assigning a role to a Core Identity we can not only assign resources but we can also trigger the creation of resources and subsequently assigning the Core Identity to the created resource. This is particularly handy if you want to control the creation of resources such as mailboxes through roles. By creating a mailbox template and assigning it to the role you can trigger the creation of a mailbox for a Person by simply assigning a role.

Attribute Sets

Attribute sets are more complex attributes that can also be assigned with roles. By assigning a role you also assign a specific attribute set to a Core Identity.

Assets

Assets can be a handy tool to manage physical or virtual objects to an entity within the CoreOne Suite. By assigning an asset type and a asset group to a role, you can trigger an automatic assignment of an asset to all members of the current role. This can be used to automatically assigned phone numbers, key cards or any other asset type that you might have configured.

  • No labels

© ITSENSE AG. Alle Rechte vorbehalten. ITSENSE und CoreOne sind eingetragene Marken der ITSENSE AG.