Role assignment rules
Description
Soffid console provides an option that allows you to customize policies to assign or revoke roles automatically to specific users. To assign or revoke roles, the users must comply with the defined requirements.
This option allows you to Preview changes before you Apply now, so you can verify that the actions to be performed are the correct ones.
Before you can use Apply now on a role assignment rule, you must first save any changes made to the rule with the Apply changes button.
The rule evaluation is performed asynchronously.
When a user is updated, no matter from where, Soffid launches the role assignment rules that are defined. If the rule expression returns true for the user, the roles will be assigned; otherwise, they will be revoked.
Screen overview
Related objects
Standard attributes
Rules table
- Name: name of the rule.
- Description: brief description of the rule.
Rule details
- Rule details
  - Name: name of the rule.
  - Description: brief description of the rule.
  - Expression: the script of the rule. When it returns true, the roles are granted; when it returns false, the roles are revoked.
- Roles to apply when rule expression returns true
  - "Roles list": roles to apply when rule expression returns true.
  - Script to assign roles: allows you to customize, with a script, the roles to apply. Those roles will be added to the role list. The script result will be a Role list, a RoleAccount list, or a String list.
- Others
  - Rule progress: displays the time remaining to finish applying the rule. Only displayed while the changes are being applied.
Actions
Rules table
Add new | Allows you to add a new role assignment rule to the system. To add a new role assignment rule, you must fill in the required fields. |
Delete rule | Allows you to remove one or more role assignment rules by selecting one or more records and then clicking this button. Soffid will ask you for confirmation; you can confirm or cancel the operation. |
Download CSV file | Allows you to download a CSV file with the basic information of all role assignment rules. |
Rule details
Apply changes | Allows you to save the changes made to the rule specification, or to save a new rule. |
Delete | Allows you to remove the role assignment rule. Soffid will ask you for confirmation; you can confirm or cancel the operation. |
Expand all | Displays all the attributes of the different blocks. |
Collapse all | Hides all attributes of the different blocks. |
"Types of views" | Changes the view type: Classic view, Modern view, Compact design. |
Undo | Allows you to undo any changes made to the rule, except roles added to or deleted from the role list. |
Add new (roles list) | Allows you to add a role to be applied with the rule. |
Delete (roles list) | Allows you to delete a role that will no longer be managed by the rule. |
Preview changes | Displays a list of the changes that would be applied with that rule definition. |
Apply now | Allows you to launch the role assignment rule process. When users comply with the rule specification, their roles will be updated. |
Examples
Scripts
The roles will only be applied to active users.
return user.active;
The roles will only be applied to users who are assigned to the primary group ‘Writers’.
return "Writers".equals(user.getPrimaryGroup());
The roles will only apply to users who have the ‘employee’ attribute with the values 1001, 1002, or 2001.
return "1001".equals(user.attributes.get("employee")) ||
"1002".equals(user.attributes.get("employee")) ||
"2001".equals(user.attributes.get("employee"));