Automatic role definitions - Import all rules
This LRT - ImportAutomaticRoleByAttributesCSVExecutor will let you import automatic roles definitions by attribute. You are able to import dynamic number of rules to each role definition. Supported attributes types are:
- Identity attribute
- Identity EAV attribute
- Contract attribute
- Contract EAV attribute
Below you can see the structure of the csv.
role;name;identityAttrName1;identityAttrValue1;identityAttrName2;identityAttrValue2;identityEavAttrName1;identityEavAttrValue1;contractAttrName1;contractAttrValue1;contractEavAttrName1;contractEavAttrValue1 role;5 pravidel;username;kucerar;externalCode;12345;phone;123456789;main;false;fce;delnik role;username;username;kucerar;;;;;;;; role;povfc;;;;;;;;;fce;delnik
Description of columns:
- role - name of role for which the rule will be created
- name - *code* for the definition
- identityAttrName1 - name of identity attribute
- identityAttrValue1 - value of identity attribute
- identityAttrName2 - name of second identity attribute
- identityAttrValue2 - value of second identity attribute
- identityEavAttrName1 - name of identity EAV attribute
- identityEavAttrValue1 - value of identity EAV attribute
- contractAttrName1 - name of contract attribute
- contractAttrValue1 - value of contract attribute
- contractEavAttrName1 - name of contract EAV attribute
- contractEavAttrValue1 - value of contract EAV attribute
As you can see you are able to import dynamic number of rules. So one automatic role definition can have one rule a the other definition can have 5 for example. The names of columns with attributes can be configured, only thing which is mandatory to start with "1" as suffix and increment it by one if want more attributes with same type. Names of all columns are configurable in LRT config see image below:
LRT params:
- Import csv file - required - drag and drop for CSV file
- Import file encoding - required - file encoding - e.g "utf-8"
- Column with roles - required - name of column where are the *code of roles*
- Column with name for automatic role definition - column with definitions names - if you not configure this, definition names are calculate in LRT from role name and type and values of attributes
- Column separator - separator of colums
- Identity attribute column name prefix - Prefix for column with identity attributes
- Identity attribute column value prefix - Prefix for column with identity attributes values
- Identity EAV attribute column name prefix - Prefix for column with identity EAV attributes
- Identity EAV attribute column value prefix - Prefix for column with identity EAV attributes values
- Contract attribute column name prefix - Prefix for column with contract attributes
- Contract attribute column value prefix - Prefix for column with contract attributes values
- Contract EAV attribute column name prefix - Prefix for column with contract EAV attributes
- Contract EAV attribute column value prefix - Prefix for column with contract EAV attributes values
You can use this LRT even for rules updating. As long as the name of role definition is already in IdM we will update it. Update is performed as deleting previous rules and saving the new ones. Because definition name is not unique value, if LRT found more then one definition with same it will not perform update, because we don't know which rule we want to update. So in this case new role definition is created.
Recalculate automatic roles
This task only imports the automatic roles but does not calculate them! In other words, the rules are now active but have to be recalculated in order to be assigned to existing identities. If you want to recalculate roles, run the task Recalculate all automatic roles by attribute (ProcessAllAutomaticRoleByAttributeTaskExecutor)