Create automatic roles by tree structure, based on user's roles

Purpose of this LRT is to create automatic roles by tree structure base on user's roles. All automatic roles definition are created with no recursion.

It will search for all organization nodes (or for selected one and all under it - look at config below) where some user has a contract. Based on the user's assigned roles, the task creates automatic roles for the corresponding tree node.

Automatic roles are created only in case:

  • there is no automatic role for this tree node.
  • the role is not used in any automatic rule for attribute - If user has some "role A" directly assigned, but there is some automatic rule by attribute for "role A", then auto role definition by tree node is not created.
  • role is without superior role

If only one user is found on that tree node it will take all of his roles. (Or only roles for selected system - look at config below)

If multiple users are on the same tree node, you have two options. Do nothing or LRT will compute common roles and create auto roles for them.

Configuration:

  • Behavior, when multiple users are in same position - If you don't select this option. No auto roles will be created in case that multiple users are on same node. If you check this option. LRT will compute common roles between users on same position and create auto roles only for this common one.
  • System - if you leave it empty. LRT will create auto roles from all roles. If you select some system, only roles which has mapping for the selected system will be used for automatic roles. This can be usefull, if you want to create automatic roles only for AD groups for example.
  • Tree node - LRT will search only in selected node and all nodes under the selected one. For searching in all nodes, leave it empty
  • by apeterova