Create automatic role for organization group
This feature creates automatic organization role while saving role (group). Role can be created/updated manually or from system (Active Directory)
Process check role EAV whether role is organization group.
For search of organization (TreeNode) is used script extrasSeachTreeNodeByRoleCode (simple script input parameter is roleCode, output is ID of TreeNode). Script can be replaced with new one with specific search logic.
New automatic role is created.
How to use it
Processor is disabled by default.
We need to create IdmRole EAV to distinguish organization groups. Attribute with Boolean type (name is not relevant, true is organization group), then we save ID of this EAV into configuration property idm.sec.extras.role.is.organization.group.eav.id.
Optional: We can change recursion type for new automatic role by setting idm.sec.extras.automatic.organization.role.recursion.type.
Optional: We can create new script for organization search by implementing new script, then we set code of this script into property idm.sec.extras.search.treenode.by.role.script.code.
Finally we activate feature by setting property idm.sec.extras.processor.extras-role-automatic-organization-role-processor.enabled=true.
Optional: in roles synchronization we fill new attribute with true/false value.
Configuration
- idm.sec.extras.role.is.organization.group.eav.id = UUID (UUID of role EAV to distinguish organization groups)
- idm.sec.extras.processor.extras-role-automatic-organization-role-processor.enabled = true (on/off swith for processor/feature)
- idm.sec.extras.search.treenode.by.role.script.code = extrasSeachTreeNodeByRoleCode (code of script for search organization)
- idm.sec.extras.automatic.organization.role.recursion.type = NO (supported values DOWN, NO, UP, default value is NO)