Differences

This shows you the differences between two versions of the page.

--- tutorial:adm:automatic_roles_by_attribute [2020/02/12 13:10]
regulat [Rules for automatic roles]
+++ tutorial:adm:automatic_roles_by_attribute [2023/08/23 10:37] (current)
apeterova
@@ Line 3: / Line 3: @@
 If you want to add a role to all users that work on the 3th floor, you can use **Automatic roles by attribute**.
-<note tip>Basics of roles and automatic roles can be found in [[devel:documentation:roles|documentation]].
+<note tip>Basics of roles and automatic roles can be found in [[:devel:documentation:roles|documentation]]. </note> You can configure automatic roles in the agenda **Roles → Automatic roles**. {{  .:autorole_by_organizations.png  | Automatic roles list}}
-</note>
-From CzechIdM 7.7 onwards, there is a new main menu item **Settings -> automatic roles**.
-{{ :tutorial:adm:autorole_by_organizations.png | Automatic roles list}}
 There are two tabs:
-  * **Automatic roles from organizational structure**
-  * **Automatic roles based on the attribute**
+  * **By organizational structure**
+  * **Based on the attribute**
 The first one shows the list of the automatic roles that a user gets via his/her placement in the organization's structure - say, all employees working in the IT Department.
 The second one shows the automatic roles that users get by means of **Rules**.
-{{ :tutorial:adm:automatic_roles_by_attribute_list.png | Roles by attributes list}}
+{{  .:automatic_roles_by_attribute_list.png  | Roles by attributes list}}
 ===== Rules for automatic roles =====
@@ Line 24: / Line 21: @@
 e.g. A rule can be set such that a user's contract has an attribute "floor" with value "3".
-To create a new automatic role by an attribute, go to **Settings -> automatic roles -> Automatic roles based on the attribute**. Next, click on the green "Add" button. In the form, fill in the name of a new automatic role by attribute e.g. "Employees - 3th floor printing".
+To create a new automatic role by an attribute, go to **Roles → Automatic roles → Based on the attribute**. Next, click on the green "Add" button. In the form, fill in the name of a new automatic role by attribute e.g. "Employees - 3th floor printing".
-{{ :tutorial:adm:autorole_new.png | New automatic role definition}}
+{{  .:autorole_new.png  | New automatic role definition}}
 Then select the Role - real CzechIdM entity e.g. "ldap files" that will be assigned if the user matches the Rules.
 The basic setup for the automatic role is done now, click Save and continue.
-We have specified what role shall be assigned, now we need the conditions - Rules.
+We have specified what role shall be assigned, now we need the conditions - Rules. {{  .:autorole_rules_list.png  | Rules list}}
-{{ :tutorial:adm:autorole_rules_list.png | Rules list}}
 Click on the green "new" button above the Rule table - the table may be empty.
-{{ :tutorial:adm:autorole_new_rule.png |}}
+{{  .:autorole_new_rule.png  }}
 Provided that the users' contracts have EAV attribute "Floor" defined, the Rule can look like this:
@@ Line 44: / Line 40: @@
   * **Form attribute = Floor**
   * **Comparison type = EQUALS**
-  * **Value = 3**
+  * **Value = 3**<note important>If you want to compare attribute value with text, your attribute must be in "SHORTTEXT" format because "TEXT" format is not supported.</note>
+When you click on the "save and continue" button, you will be asked if the Automatic role should be applied now.
-<note important>If you want to compare attribute value with text, your attribute must be in "SHORTTEXT" format because "TEXT" format is not supported.</note>
+{{  .:autorole_popup.png  | popup}}
-When you click on the "save and continue" button, you will be asked if the Automatic role should be applied now.
+  * **Yes**  - Automatic role is evaluated for all users. Those matching the rule get the said role. Calculation is started as a long running task and its progress can be verified in the Settings → Task scheduler → All tasks.
+      * Moreover, if an identity or its concept is saved - say after some manual editing done by the admin or during automatic synchronization -, the rules for automatic roles by attributes are recalculated for the respective user.
+  * **No**  - automatic role is saved as a concept.
+===== Concepts of automatic roles =====
-{{ :tutorial:adm:autorole_popup.png | popup}}
+Automatic roles saved as concepts are not evaluated until the concepts are completed (Green button "Recalculate"). If any user is saved in gui or e.g. during synchronization, automatic roles concepts are skipped.
-  * **Yes** - Automatic role is evaluated for all users. Those matching the rule get the said role. Calculation is started as a long running task and its progress can be verified in the Settings -> Task scheduler -> All tasks.
+{{  .:autorole_datail_concept.png  | Concept of automatic role by attributes}}
-    * Moreover, if an identity or its concept is saved - say after some manual editing done by the admin or during automatic synchronization -, the rules for automatic roles by attributes are recalculated for the respective user.
-  * **No** - automatic role is saved as a concept.
-===== Concepts of automatic roles =====
-Automatic roles saved as concepts are not evaluated until the concepts are completed (Green button "Recalculate"). If any user is saved in gui or e.g. during synchronization, automatic roles concepts are skipped.
-{{ :tutorial:adm:autorole_datail_concept.png | Concept of automatic role by attributes}}