===== Provisioning - role =====
{{tag> role provisioning}}

Roles provisioning has a different behavior than the provision of identities. The main difference is the absence of a separate account management mechanism. In the case of identities, the [[..:..:accounts:dev:account-management | Account management]] that creates and (depending on) the IDM account depending on the assigned roles.

In the case of roles, account management is directly linked to the creation / modification / deletion event of the role.

  -If we **create** a new role, the event is publish and catches by the processor (in the **ACC** module) [[https://github.com/bcvsolutions/CzechIdMng/blob/develop/Realization/backend/acc/src/main/java/eu /bcvsolutions/idm/acc/event/processor/RoleSaveProcessor.java|RoleSaveProcessor]]. This first creates an **IDM account** by calling **ProvisioningService.createAccountsForAllSystems**. It creates an IDM account (and associated bindings) for all systems that have provisioning mapping for that tree type. Subsequently, the **provisioning** itself is triggered.
  - If we **modify** a role, the event is publish and catches by the same processor and performs the same operations as the previous point.
  - If we **delete** a role, the delete event is publisch and catches by [[https://github.com/bcvsolutions/CzechIdMng/blob/develop/Realization/backend/acc/src/main/java/eu/bcvsolutions/idm/acc/event/processor/RoleDeleteProcessor.java|RoleDeleteProcessor]]. This processor delete all **AccRoleAccount** relations and linked AccAccount (account on end system too).

<note tip> Provides role provisioning by default [[https://github.com/bcvsolutions/CzechIdMng/blob/develop/Realization/backend/acc/src/main/java/eu/bcvsolutions/idm/acc/service/impl/ RoleProvisioningExecutor.java | RoleProvisioningExecutor]]. </note>