Entitlement-kind of filters for role definitions

Idea ID 2812386


0 Votes

User Application nrfRoles are administered in the Role Administrator web interface, but I cannot see any place for a filter (Entitlement service driver style) in case I want to assign some roles automatically. Currently, to assign a role automatically you have to have a list of roles and their respective rules listed somewhere, such as a mapping table, global definition or an LDAP object. You can also save the data to the nrfRole object itself as an auxiliary attribute, but the Role Administrator GUI does not support editing / viewing auxiliary attributes of the nrfRole objects.

As a quick fix, I suggest adding a multi-value string attribute to the nrfRole object supported by the Role Administration role editor. This enables additional role definitions, including filter information for automatic role assignments.

Future IDM versions could implement native automatic role assignments based on LDAP filters.

I work mostly with university IDM solutions, and at least there 99% of the roles are assigned automatically based on source registry data; therefore a place for storing the criteria would be needed.

2 Comments
Knowledge Partner

Would this not be using a Dynamic Group (LDAP Query based group) to assign roles?

Honored Contributor.

The point was more about where the filter definitions are kept, so that role definitions would be administered in a single location. The criteria used in automatic role assignment are part of the role information and should be stored in the same location as the rest of the role definition.

To create a new role and use a dynamic group, you should first create it with Role Administrator, then create a new dynamic group and set the filter on it. Compared to writing it all in one place, this makes a difference when roles are many and they need administration. Let alone checking if all 100 roles and their definitions are in sync and nobody made human errors.

Hope you get the idea.
