Capabilities
Flexera One’s access management provides the following capabilities:
For details on known limitations in Flexera One access management, see Known Limitations.
Single Pane of Glass
The Administration module allows you to manage all of the users, user groups, and access controls across all of your Flexera One Organization in one place.
Organizing Users Into Groups to Simplify Role Management
You can organize users into groups based on your Organizational needs or other criteria and assign specific roles to the groups, simplifying the management of roles across your Organization versus having to assign roles to individual users. This is known as Role Inheritance.
For related information, see the following sections:
Role Inheritance
Important:Role inheritance can be viewed on the User Management page. The User Management page appears only if you have one of the following roles. For complete descriptions of each role available in Flexera One, see Flexera One Roles, or for information about IT Asset Management-specific authorizations, see Managing IT Asset Management Accounts.
|
•
|
Administer organization |
|
•
|
Administrator for an IT Asset Management account |
Role inheritance is a powerful feature for granting roles to a user across all accounts in an Organization. Simply grant the necessary role at the Organization level and the role will be inherited down to all accounts within it.
In Flexera One, all inherited roles are shown explicitly and can only be modified at the level they were assigned.
To view role inheritance:
|
1.
|
Go to the User Management page (Administration > Identity Management > User Management). |
|
2.
|
Click a user record link from the Email Address column. A slideout appears showing user details. |
A list of roles appears that are available in Flexera One appear, grouped by capability. These accordion sections of capabilities can be minimized or expanded. Any checked boxes show the roles that are currently granted for that user.
If the Inherited Role icon appears next to a role, it means either of the following depending on what section of the page you are on:
|
•
|
The role is inherited from a group (if in section showing Roles for organization: organization name at the top of the page) |
|
•
|
The role is inherited from the organization or a group (if in section showing roles for Accounts at the bottom of the page). |
As long as the user is a part of an account or group with this role they will have the inherited permissions. You can click the Inherited Role icon to view the group name from where the role is inherited.
You can also click the inherited Role link to drill down to the Group Management page showing details of the group that the role is inherited from.
Simplified User Roles
Out-of-the-box roles can be given to users as well as groups at the account and Organization-level, providing detailed controls for which users can do what across your Organization. The roles are also displayed by categories: Automation, Cloud, Discovery and Inventory, IT Assets, IT Visibility, Other, Platform Administration, and Self-Service CloudApps.
For related information, see the following sections:
Ability to Add Users at an Account Level
Important:The Account Management page appears only if you have one of the following roles. For complete descriptions of each role available in Flexera One, see Flexera One Roles, or for information about IT Asset Management-specific authorizations, see Managing IT Asset Management Accounts.
|
•
|
Administer organization |
|
•
|
Administrator for an IT Asset Management account |
The Account Management page (Administration > Identity Management > Account Management) lets you add users to accounts and also manage roles at the group level within any selected account.
Known Limitations
Currently, there is one known affilation limitation in Flexera One User access management. That is, there may exist some users in your Organization user list that do not currently have access to any account in your Organization. They exist in this list because at some point in the past they were granted a role or invited to an account. You can remove such users from your Organization by just deleting them.