
Fine Grained Access Control in 1IM

Using 7.1. I understand I can create permission groups and apply them to users through Application Roles. A couple of questions: do these access controls only affect the 1IM tools, or if a user doesn't have access to a particular will they also not be able to view that in the portal? Also, is there a way to make it more fine-grained, to say if a user can only read and update users in a particular role? It seems like the permission group will only let me define this for the entire set of users, not just some subset of users.

  • Hi

    Where role-based group permissions take effect depends on the selected (OIM tools) or configured (OIM web) authentication method. So, role-based group permissions will only take effect when you have selected a role-based authentication method. If your role-based permission setup should also take effect in the web, you have to ensure that you have set the correct authentication method.

    The following screenshot shows you an example of the WebDesigner config:

     

    Regarding your question about making a permission more fine-grained, you can use the "Permissions filter" to specify special rules for viewing, editing, inserting and deleting conditions for a table. The following example shows a simple filter for a Helpdesk permission group, where only members with the flag "IsSupporter = 1" have edit rights.

     

    -
    Regards
    Sven

  • Great post from Sven!

    If you want to learn more about the permissions inside of One Identity Manager, I suggest taking a look at the new video series on our YouTube channel.

    Identity Manager | Permission Management