Differences

This shows you the differences between two versions of the page.

tutorial:adm:db_roles_provisioning [2019/05/16 10:36]
stloukalp created
tutorial:adm:db_roles_provisioning [2020/08/13 15:47] (current)
stekld [Make a script]
Line 38: Line 38:
 {{ :tutorial:adm:roles_prov02.png |}} {{ :tutorial:adm:roles_prov02.png |}}
  
-  * Then in **Mapping** tab create new mapping - provisioning (\_\_ACCOUNT\_\_ (Object name), Role (Entity type)).+  * Then in **Mapping** tab create new mapping - provisioning (\_\_ACCOUNT\_\_ (Object name), Role (Entity type)). {If you are using Active Directory, select \_\_GROUP\_\_ as Object name }
  
   * Now we will map just 1 attribute. Click on green add button like on picture below and this fill in:    * Now we will map just 1 attribute. Click on green add button like on picture below and this fill in: 
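Review bot: The Active Directory hint appended to the **Mapping** bullet is wrapped in literal curly braces, which are not wiki markup and will render as typed, including the stray space before the closing brace. Write it as a normal sentence or a nested bullet, for example "If you are using Active Directory, select \_\_GROUP\_\_ as Object name.", and state whether Entity type stays Role in that case so the reader does not have to guess.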
Line 54: Line 54:
  
 Select our system and then agenda **Mapping**. Select just created provisioninig mapping. On this page there is another tab **Account Management**. Select our system and then agenda **Mapping**. Select just created provisioninig mapping. On this page there is another tab **Account Management**.
-Here you can write a script or add one with green button **Insert script**. For example you can specify which roles will be propagated based on role name (roles\_a:roleToBeProvisioned) or if role is in specified role catalogue (roles\_a catalogue).+Here you can write a script or add one with green button **Insert script**. For example you can specify which roles will be propagated based on role name (roles\_a:roleToBeProvisioned) 
  
 {{ :tutorial:adm:roles_prov04.png |}} {{ :tutorial:adm:roles_prov04.png |}}
  
-Beware: If you add this script after provisioning of a role. This script will not prevent future provisioning of this role. You have to remove role's account on this system. In agenda **Roles** on left menu you can find the role, click on magnifying glass. In tab **Accounts** you can see all accounts of this role (there could be more items, if role was synchronized from system or provisioned to more systems). Here if you remove account, role will be erased on end system. Future provisioning of the role to this system based on script mentioned above.+or if role is in specified role catalogue (roles\_a catalogue). 
 + 
 +<code> 
 +// Inserted script: IsRoleInCatalogue 
 +/* Description: 
 +Is role in the catalogue? Script return "true" if given (input parameter "role") IdmRoleDto is in supported catalogue (given in the parameter "catalogueCode"). Search is recursively. 
 +*/ 
 +scriptEvaluator.evaluate( 
 +    scriptEvaluator.newBuilder() 
 +        .setScriptCode('IsRoleInCatalogue'
 +        .addParameter('scriptEvaluator', scriptEvaluator) 
 +        .addParameter('uid', uid) 
 +        .addParameter('entity', entity) 
 +        .addParameter('system', system) 
 +        .addParameter('role', entity) 
 +        .addParameter('catalogueCode', '123') // '123' represents a catalog code 
 + .build()); 
 +</code> 
 + 
 +Beware: If you add first (roles\_a:roleToBeProvisioned) script after provisioning of a role. This script will not prevent future provisioning of this role. You have to remove role's account on this system. In agenda **Roles** on left menu you can find the role, click on magnifying glass. In tab **Accounts** you can see all accounts of this role (there could be more items, if role was synchronized from system or provisioned to more systems). Here if you remove account, role will be erased on end system. Future provisioning of the role to this system based on script mentioned above.
  
 {{ :tutorial:adm:roles_prov05.png |}} {{ :tutorial:adm:roles_prov05.png |}}
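Review bot: In the added IsRoleInCatalogue block, the line ".setScriptCode('IsRoleInCatalogue'" has no closing parenthesis as shown, so a reader who copies the script gets a syntax error; close the call before the first ".addParameter(...)". The example also passes catalogueCode '123' while the sentence introducing it refers to the roles\_a catalogue, so use the same code in both places. In the reworded Beware paragraph, "script mentioned above" is now ambiguous because two scripts precede it, and the text no longer says whether the catalogue script shares the limitation. Since a role provisioned before the filter was added stays on the end system until its account is removed, name the scripts the warning covers and complete the final sentence, which currently has no verb.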
  • by stekld