Capabilities

Flexera One’s access management provides the following capabilities:

Single Pane of Glass
Organizing Users into Groups to Simplify Role Management
Role Inheritance
Simplified User Roles
Ability to Add Users at an Account Level

For details on known limitations in Flexera One access management, refer to Known Limitations.

Single Pane of Glass

The Administration module allows you to manage all of the users, user groups, and access controls across all of your Flexera One Organization in one place.

Organizing Users into Groups to Simplify Role Management

You can organize users into groups based on your Organizational needs or other criteria and assign specific roles to the groups, simplifying the management of roles across your Organization versus having to assign roles to individual users. This is known as Role Inheritance.

For related information, refer to the following sections:

Role Inheritance
Adding New Users
Creating and Managing User Groups
Downloading a User Role Report

Role Inheritance

Role inheritance is a powerful feature for granting roles to a user across all accounts in an Organization. Simply grant the necessary role at the Organization level and the role will be inherited down to all accounts within it.

In Flexera One, all inherited roles are shown explicitly and can only be modified at the level they were assigned.

To view role inheritance

1. Go to the User Management page (Administration > Identity Management > User Management).
2. Click a user record link from the Email Address column.

A slideout appears showing user details.

3. Click the Roles tab.

A list of roles appears that are available in Flexera One appear, grouped by capability. These accordion sections of capabilities can be minimized or expanded. Any checked boxes show the roles that are currently granted for that user.

If the Inherited Role icon appears next to a role, it means either of the following depending on what section of the page you are on:

The role is inherited from a group (if in section showing Roles for organization: organization name at the top of the page)
The role is inherited from the organization or a group (if in section showing roles for Accounts at the bottom of the page).

As long as the user is a part of an account or group with this role they will have the inherited permissions. You can click the Inherited Role icon to view the group name from where the role is inherited.

You can also click the inherited Role link to drill down to the Group Management page showing details of the group that the role is inherited from.

Simplified User Roles

Out-of-the-box roles can be given to users as well as groups at the account and Organization-level, providing detailed controls for which users can do what across your Organization. The roles are also displayed by categories: Automation, Cloud, Discovery and Inventory, IT Assets, IT Visibility, Other, Platform Administration, Plugins, and Self-Service CloudApps.

For related information, refer to the following sections:

Role Inheritance
Flexera One Roles

Ability to Add Users at an Account Level

The Account Management page (Administration > Identity Management > Account Management) lets you add users to accounts and also manage roles at the group level within any selected account.

Known Limitations

Currently, there is one known affilation limitation in Flexera One User access management. That is, there may exist some users in your Organization user list that do not currently have access to any account in your Organization. They exist in this list because at some point in the past they were granted a role or invited to an account. You can remove such users from your Organization by just deleting them.