Skip to main content
Skip table of contents

Set permissions from Identity Manager users or roles

This article includes updates for Smart ID 22.10. 


This article describes how to view, assign and withdraw permissions for users and roles in Smart ID Identity Manager

Step-by-step instruction

Log in to Identity Manager Admin
  1. Log in to Identity Manager Admin as Administrator.
Open user or role to view or edit

To view or edit permissions of an individual user:

  1. In Identity Manager Admin, go to Home > User Administration
  2. Double-click a user name in the list.
    The user settings are shown. 

To view or edit permissions of a role:

  1. In Identity Manager Admin, go to Home > Roles.
  2. Double-click a role name in the list.

    The role settings are shown. 

For roles: Limit access to certain instance IDs

Roles in Identity Manager can be configured to only access certain Identity Manager instances, by using the instance ID setting. 

To limit a role to access only certain instances:

  1. In Instance Ids, enter a comma-separated list of instanceIDs as configured in the system.properties of each instance. 

    Example: Instance Ids

    Instance Ids = internet, intranet

    If the field is left empty, then all instances are allowed.
    For information on how to configure instanceIDs in system.properties, see Limit role to access certain instances of Identity Manager client.

Set permissions for user or role

To edit permissions of individual users or roles:

  1. In the user or role settings, select tab. For more information, see the table below. 

  2. Check or uncheck permissions as needed. 

  3. Click Save.  

Permissions are grouped in these tabs:

TabDescription
General AdminHere you can assign and withdraw permissions for the menu items listed on the Home page in the Identity Manager Admin application. 
General Runtime

Here you can assign or withdraw permissions to access larger functional areas of Identity Manager Operator. Functional areas for which a user has no permission are hidden. See Identity Manager Operator for more information about the object history permission.

PermissionDescription
BATCH ORDERSIf the logged in user, or assigned roles, have this permission, the BATCH ORDERS tab is displayed in Identity Manager Operator.
Scheduled JobsIf the logged in user, or assigned roles, have this permission, the Scheduled Jobs menu is visible in the ADMIN tab in Identity Manager Operator.
Clear cacheIf the logged in user, or assigned roles, have this permission, the Clear cache menu is visible in the ADMIN tab in Identity Manager Operator.
Configure system propertiesIf the logged in user, or assigned roles, have this permission, the Configure system properties menu is visible in the ADMIN tab in Identity Manager Operator.
Download configurationIf the logged in user, or assigned roles, have this permission, the Download configuration menu is visible in the ADMIN tab in Identity Manager Operator.
IN PROGRESSIf the logged in user, or assigned roles, have this permission, the IN PROGRESS tab is displayed.
List processesIf the logged in user, or assigned roles, have this permission, the List processes menu is visible in the ADMIN tab in Identity Manager Operator.
Maintenance ModeIf the logged in user, or assigned roles, have this permission, the Maintenance Mode menu is visible in the ADMIN tab in Identity Manager Operator.
OBJECT HISTORY: Batch importIf the logged in user, or assigned roles, have this permission, the History button is displayed on the core object detail page in Identity Manager Operator. The history will show entries regarding batch import.
OBJECT HISTORY: Custom types If the logged in user, or assigned roles, have this permission, the History button is displayed on the core object detail page in Identity Manager Operator. The history will show entries regarding custom types. 
OBJECT HISTORY: Data change

If the logged in user, or assigned roles, have this permission, the History button will be displayed on the core object detail page in Identity Manager Operator. The history will show entries regarding data change, for example, created, modified or deleted data.

OBJECT HISTORY: Process execution

If the logged in user, or assigned roles, have this permission, the History button will be displayed on the core object detail page in Identity Manager Operator. The history will show entries regarding process execution. 

OBJECT HISTORY: State changeIf the logged in user, or assigned roles, have this permission, the History button will be displayed on the core object detail page in Identity Manager. The history will show entries regarding state change.
OPEN TASKSIf the logged in user, or assigned roles, have this permission, the OPEN TASKS tab will be displayed.
REST API: Resolve secretsThis permission is responsible for the REST API: Resolve secrets, which defines the right to call an http endpoint to resolve secrets.
Reserve number rangesIf the logged in user, or assigned roles, have this permission, the Reserve number ranges menu is visible in the ADMIN tab in Identity Manager Operator.
SEARCHIf the logged in user, or assigned roles, have this permission, the SEARCH tab is displayed.
STARTIf the logged in user or assigned roles have this permission, the START tab is displayed.
Upload configurationIf the logged in user, or assigned roles, have this permission, the Upload configuration menu is visible in the ADMIN tab in Identity Manager Operator.

When one or several of the object history permissions are enabled, the History button will be displayed on the core object detail page. If no object history permissions are enabled for a user or a role, the History button will not be displayed.

Process PermissionsHere you can assign and withdraw permissions to start individual processes in Identity Manager Operator (that is, Execute) and to edit their configuration in Identity Manager Admin (Update or Delete).
Search ConfigurationsHere you can assign and withdraw permissions to use (that is, Execute) the individual search configurations in Identity Manager Operator.
FormsHere you can assign and withdraw permissions to read (Read) and edit (Update or Delete) the configuration of individual forms in Identity Manager Admin.
Identity TemplatesHere you can assign and withdraw permissions to access (Read) data objects of particular categories in Identity Manager Operator. The categories are determined by the identity templates.

Related information

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.