Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
tutorial:adm:automatic_roles_by_attribute [2018/01/05 13:17] poulm tip |
tutorial:adm:automatic_roles_by_attribute [2018/12/27 15:12] kotisovam |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Automatic roles - adding roles by attribute value ====== | ||
+ | If you want to add a role to all users that work on the 3th floor, you can use **Automatic roles by attribute**. | ||
+ | |||
+ | <note tip> | ||
+ | </ | ||
+ | From CzechIdM 7.7 onwards, there is a new main menu item **Settings -> automatic roles**. | ||
+ | {{ : | ||
+ | |||
+ | There are two tabs: | ||
+ | * **Automatic roles from organizational structure** | ||
+ | * **Automatic roles based on the attribute** | ||
+ | |||
+ | The first one shows the list of the automatic roles that a user gets via his/her placement in the organization' | ||
+ | |||
+ | The second one shows the automatic roles that users get by means of **Rules**. | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | ===== Rules for automatic roles ===== | ||
+ | |||
+ | Rules are conditions that are evaluated on users and their contracts. If all the rules/ | ||
+ | |||
+ | e.g. A rule can be set such that a user's contract has an attribute " | ||
+ | |||
+ | To create a new automatic role by an attribute, go to **Settings -> automatic roles -> Automatic roles based on the attribute**. Next, click on the green " | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Then select the Role - real CzechIdM entity e.g. "ldap files" that will be assigned if the user matches the Rules. | ||
+ | |||
+ | The basic setup for the automatic role is done now, click Save and continue. | ||
+ | |||
+ | We have specified what role shall be assigned, now we need the conditions - Rules. | ||
+ | {{ : | ||
+ | |||
+ | Click on the green " | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Provided that the users' contracts have EAV attribute " | ||
+ | |||
+ | * **Type of checked attribute = Extended attribute of contract** | ||
+ | * **Form attribute = Floor** | ||
+ | * **Comparison type = EQUALS** | ||
+ | * **Value = 3** | ||
+ | |||
+ | When you click on the "save and continue" | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | * **Yes** - Automatic role is evaluated for all users. Those matching the rule get the said role. Calculation is started as a long running task and its progress can be verified in the Settings -> Task scheduler -> All tasks. | ||
+ | * Moreover, if an identity or its concept is saved - say after some manual editing done by the admin or during automatic synchronization -, the rules for automatic roles by attributes are recalculated for the respective user. | ||
+ | * **No** - automatic role is saved as a concept. | ||
+ | |||
+ | ===== Concepts of automatic roles ===== | ||
+ | |||
+ | Automatic roles saved as concepts are not evaluated until the concepts are completed (Green button " | ||
+ | |||
+ | {{ : |