Attributes of role

Role attributes define what additional information can (or must) be filled in for a role assigned to a user. A typical example is the IP address of the user's end station, which must be filled in the role assignment request.

Definitions of which attributes are to be filled for the role are managed on the role detail (role attributes tab). Here, you define not only what attributes to show in the request, but also their default values and validation settings. This definition is part of the role approval (off by default).

For provisioning assigned roles, new attributes (User assigned roles and User assigned roles (for this system)) were created. They can be used in the system mapping for provisioning identities. The input of the transformation to the system is a list of valid assigned identity roles. Each assignment is represented by an AssignedRoleDto object, which mirrors the IdmIdentityRoleDto object and tries to simplify work with assigned roles in the transformation. The simplification is primarily that the object contains the entire DTOs (role, identityContract, …) instead of only their UUIDs and, mainly, that it contains a map of all attributes of the assigned role (the key is the attribute code and the value is a list of all values of that attribute).

The input of the transformation to the system (attributeValue) is a list of all valid user roles (a list of AssignedRoleDto). This attribute is available only for provisioning and only with the default strategy (SET).
Structure of AssignedRoleDto is here.

Example script that prints the assigned roles to a string:

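import eu.bcvsolutions.idm.acc.domain.AssignedRoleDto;
import eu.bcvsolutions.idm.core.api.dto.IdmRoleDto;

// attributeValue is the list of valid assigned roles (AssignedRoleDto) passed to the transformation
if (attributeValue) {
    String result = "";
    for (AssignedRoleDto dto : attributeValue) {
        // getAttributes() returns a map: attribute code -> list of attribute values
        result = result + "Role: [" + dto.getRole().getCode() + "] Attributes: [" + dto.getAttributes().toString() + "]";
    }
    return result;
}
// No assigned roles: return an empty string
return "";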
Output of this script:
Role: [Helpdesk] Attributes: [[:]]
Role: [RoleWithOneAttribute] Attributes: [[IP:[192.168.0.122]]]
Role: [RoleWithTwoAttributes] Attributes: [[Number of fingers:[20], IP:[168.192.0.10]]]
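
The following is an added example, not code from the CzechIdM project or from the original page. It goes one step beyond printing: it collects the values of one role attribute across all assigned roles and rejects values that are not well-formed IPv4 addresses before they are provisioned. The attribute code "IP" is taken from the output above; isIpv4 and collectRoleIps are hypothetical helper names, and plain maps stand in for AssignedRoleDto in the constructed sample.

```groovy
// Added example, not CzechIdM project code. Assumes the role attribute code "IP"
// (as in the sample output above); isIpv4 and collectRoleIps are hypothetical helpers.

// Strict dotted-quad check: exactly four decimal octets, each 0-255.
boolean isIpv4(String s) {
    def parts = s.split(/\./, -1)
    parts.size() == 4 && parts.every { it ==~ /\d{1,3}/ && it.toInteger() <= 255 }
}

// Returns [valid: sorted unique addresses, rejected: ["roleCode: value", ...]].
Map collectRoleIps(assignedRoles, String attributeCode = "IP") {
    def valid = new TreeSet<String>()   // de-duplicates and sorts lexically
    def rejected = []
    for (dto in (assignedRoles ?: [])) {
        // attributes: attribute code -> list of values (empty map when the role has none)
        def values = dto.attributes?.get(attributeCode) ?: []
        for (value in values) {
            def text = value?.toString()?.trim()
            if (text && isIpv4(text)) {
                valid << text
            } else {
                // keep the role code so the malformed value can be traced to its assignment
                rejected << "${dto.role.code}: ${value}".toString()
            }
        }
    }
    [valid: valid as List, rejected: rejected]
}

// Constructed sample input; maps stand in for AssignedRoleDto objects.
def sample = [
    [role: [code: "Helpdesk"], attributes: [:]],
    [role: [code: "RoleWithOneAttribute"], attributes: ["IP": ["192.168.0.122"]]],
    [role: [code: "RoleWithTwoAttributes"],
     attributes: ["Number of fingers": [20], "IP": ["168.192.0.10", "300.1.1.1"]]]
]
def result = collectRoleIps(sample)
assert result.valid == ["168.192.0.10", "192.168.0.122"]
assert result.rejected == ["RoleWithTwoAttributes: 300.1.1.1"]

// In a transformation script, pass attributeValue instead of the sample:
// return collectRoleIps(attributeValue).valid
```

Property access (dto.role.code, dto.attributes) is used so that the same helper works on the sample maps and on objects exposing getRole() and getAttributes().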

Read more

Enabling of the request mode is controlled only by IdmRole now.
Changes in the request preview are highlighted only on tables. Types of changes are not shown on the object details or on EAVs!
  • by svandav