Role assignment rules

Description

The Soffid console lets you define policies that automatically assign roles to, or revoke them from, specific users, depending on whether those users comply with the defined requirements.

This option allows you to use Preview changes before Apply now, to verify that the actions to be performed are the correct ones.

Before you use Apply now on a role assignment rule, you must first save any changes made to the rule using the Apply changes button.

The rule evaluation is performed asynchronously.

When a user is updated, no matter from where, Soffid will launch the defined role assignment rules. If the rule expression returns true for the user, the roles will be assigned; otherwise, they will be revoked.

    • Users: where the rule is executed after the changes.
    • Roles: roles to be granted or revoked.

    Standard attributes

    Rules table

    • Name: name of the rule.
    • Description: brief description of the rule.

    Rule details

    • Rule details
      • Name: name of the rule.
      • Description: brief description of the rule.
      • Expression: the script of the rule. When it returns true, the roles will be granted; when it returns false, the roles are revoked.
      • Rule progress: displays the time remaining to finish applying the rule.

    • Roles to apply when rule expression returns true

    • Roles list: roles to apply when the rule expression returns true.
    • Script to assign roles: allows you to customize the rules to apply roles. Those roles will be added to the roles list.

    The roles result will be a Role list, a RoleAccount list, or a String list.

    • Others
      • Rule progress: displays the time remaining to finish applying the rule. Only displayed while the changes are being applied.

    Actions

    Rules table

    Add new

    Allows you to add a new role assignment rule to the system. You can choose this option from the hamburger menu or by clicking the add button (+). To add a new role assignment rule, you must fill in the required fields.

    Delete rule

    Allows you to remove one or more role assignment rules by selecting one or more records and then clicking the button with the subtraction symbol (-). To perform this action, Soffid will ask you for confirmation; you can confirm or cancel the operation.

    Download CSV file

    Allows you to download a CSV file with the basic information of all role assignment rules.

    Import

    Allows you to upload a CSV file containing a list of role assignment rules, in order to add or update rules in Soffid. First, pick a CSV file; the file must have a specific configuration. Then check the content to be loaded; you can choose whether or not to load each specific attribute. Finally, select the mappings for each column of the CSV file so that the data is imported correctly, and click the Import button.

    Rule details

    Apply changes

    Allows you to save the changes made on the rule specification, or to save a new rule.

    Delete

    Allows you to remove the role assignment rule. To perform this action, Soffid will ask you for confirmation; you can confirm or cancel the operation.

    Undo

    Allows you to undo any changes made to the rule, except roles added to or deleted from the roles list.

    Add new role (roles list)

    Allows you to add a role to be applied with the rule.

    Delete (roles list)

    Allows you to delete a role that will no longer be managed by the rule.

    Preview changes

    Displays a list with the changes that would be applied with that rule definition.

    Apply now

    Allows you to launch the role assignment rule process. When users comply with the rule specification, their roles will be updated.

    Examples

    Scripts

    The roles will only be applied to active users.

    return user.active;

    The roles will only be applied to users who are assigned to the primary group ‘Writers’.

    return "Writers".equals(user.getPrimaryGroup());

    The roles will only apply to users who have the ‘employee’ attribute with the values 1001, 1002, or 2001.

    return "1001".equals(user.attributes.get("employee")) ||
           "1002".equals(user.attributes.get("employee")) ||
           "2001".equals(user.attributes.get("employee"));