Automatic role definitions - Import of data from CSV

This LRT can be used to import automatic roles which are assigned based on an EAV attribute of a contract.

Here is an example of CSV file which can be used for import role definitions.


As you can see roles column can be single or multivalued. For multivalued roles, definition from the same row will be added to every role. CSV file can have an optional number of columns, role and automatic role definitions columns are specified in setup of LRT.

CzechIdM uses by defaul utf-8 encoding. If your input file is encoded in diferent encoding, or if you experience some issues with non english characters, you may set different encoding in configuration of import long running task. Examples of other used encodings might be windows-1250, utf-8 or windows-1252

Now we will create the new LongRunningTask (LRT). As shown in the picture, go to Settings → Task scheduler → Scheduled tasks and hit green "Add" button to add new LRT.

Now we need to create new LRT with these attributes:

- Task type - ImportAutomaticRoleAttributesFromCSVExecutor - Import csv file - dropzone to select or drop csv file - Import file encoding - the encoding of the csv file - Column with roles - Name of the column with the names of roles in csv file - Use role codes instead of role names - If checked, tries to find roles by code directly, if not, converts names to codes (replaces spaces with underscores) (since 1.9.0) - Column with description - name of the column with role description, can be also used to update description - Column separator - separator of columns in csv file - Multi value separator - ( Char, default: new line ) separator of multi valued role names in csv file, new line separator is default export from excel, but for better clarity of csv file, it's recommended to use some symbol instead - Column with first attribute in csv file - - First contract eav name - name of existing eav attribute of contract which will be checked for match with automatic attribute - Column with second attribute in csv file - - Second contract eav name - name of existing eav attribute of contract which will be checked for match with automatic attribute

Now we just need to hit run.

And we also need to process it in all tasks.

You can check status about created role definitions in "all tasks" panel in task detail. Here you can find information about created or already existing automatic role definitions.

Everything should be set up so far and when the task ends, existed roles has got automatic role definitions on specified attributes.

Number of processed items means how many role names is in csv. Number of finished items are roles that were found in IdM and has't got automatic role definition.

This task only imports the roles but does not calculate them! In other words, the rules are now active but the accounts have to recalculated for them to start assigning roles. If you want to recalculate roles, run the task Recalculate all automatic roles by attribute.
In Extras 1.8.0 and lower, there is a bug. If you have multiple EAV attributes with the same code in different form definitions (e. g., for identity and contract), the task can fail because it doesn't check the definition. An easy fix is to rename the attribute.

If you delete or upload new file via dropzone, you should delete old files, created from previous uploads.

  • by sourek