Set permissions from Identity Manager users or roles
This article includes updates for Smart ID 22.10.
This article describes how to view, assign and withdraw permissions for users and roles in Smart ID Identity Manager.
Step-by-step instruction
- Log in to Identity Manager Admin as Administrator.
To view or edit permissions of an individual user:
- In Identity Manager Admin, go to Home > User Administration.
- Double-click a user name in the list.
The user settings are shown.
To view or edit permissions of a role:
- In Identity Manager Admin, go to Home > Roles.
- Double-click a role name in the list.
The role settings are shown.
Roles in Identity Manager can be configured to only access certain Identity Manager instances, by using the instance ID setting.
To limit a role to access only certain instances:
In Instance Ids, enter a comma-separated list of
instanceIDs
as configured in the system.properties of each instance.Example: Instance Ids
Instance Ids = internet, intranet
If the field is left empty, then all instances are allowed.
For information on how to configureinstanceIDs
in system.properties, see Limit role to access certain instances of Identity Manager client.
To edit permissions of individual users or roles:
In the user or role settings, select tab. For more information, see the table below.
Check or uncheck permissions as needed.
- Click Save.
Permissions are grouped in these tabs:
Tab | Description | ||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
General Admin | Here you can assign and withdraw permissions for the menu items listed on the Home page in the Identity Manager Admin application. | ||||||||||||||||||||||||||||||||||||||||
General Runtime | Here you can assign or withdraw permissions to access larger functional areas of Identity Manager Operator. Functional areas for which a user has no permission are hidden. See Identity Manager Operator for more information about the object history permission.
When one or several of the object history permissions are enabled, the History button will be displayed on the core object detail page. If no object history permissions are enabled for a user or a role, the History button will not be displayed. | ||||||||||||||||||||||||||||||||||||||||
Process Permissions | Here you can assign and withdraw permissions to start individual processes in Identity Manager Operator (that is, Execute) and to edit their configuration in Identity Manager Admin (Update or Delete). | ||||||||||||||||||||||||||||||||||||||||
Search Configurations | Here you can assign and withdraw permissions to use (that is, Execute) the individual search configurations in Identity Manager Operator. | ||||||||||||||||||||||||||||||||||||||||
Forms | Here you can assign and withdraw permissions to read (Read) and edit (Update or Delete) the configuration of individual forms in Identity Manager Admin. | ||||||||||||||||||||||||||||||||||||||||
Identity Templates | Here you can assign and withdraw permissions to access (Read) data objects of particular categories in Identity Manager Operator. The categories are determined by the identity templates. |