Rolesets
Last updated
Was this helpful?
Last updated
Was this helpful?
RoleSets are used to automatically assign roles to users, based on values in their User Data. The definition of RoleSets consists out of 2 parts:
Identification of the User Data field to be checked. This definition is done in the adapter settings.
Definition of the roles within a RoleSet. This definition is done under Manage RoleSets and further explained below.
RoleSet Name
Linked Roles
Sales
Standard Role, Sales Role
Spain
Local Spain
France
Local France
USA
Local USA
In the adapter settings it is configured that the LDAP Field "SN" is used for mapping RoleSets. The operator to compare the RoleSet name with the SN field is set to Contains:
When an user with the value "OU=Company;OU=Spain;DN=Sales;DN=Junior" in the SN field logs into SSP, there is a match for 2 RoleSets: Sales and Spain. The user will get all roles linked to these RoleSets assigned, in this case the Roles: Standard Role, Sales Role and Local Spain.
The General Settings tab contains the following configuration setting for RoleSets.
Name: Enter the Name for the RoleSet. Please note that this name is used to map a RoleSet to an external variable. You can read more about that mapping in the chapter about Adapters.
*New RoleSets must be saved before proceeding to role configuration.
List of all roles defined in SSP. For each role that should be included in the RoleSet set the checkbox on the right.
RoleSets can here be added, updated or removed. To update an existing RoleSet, click on the edit button. To remove a RoleSet, use the delete button. To create a new RoleSet, click on the button.
The User Data field and operator to use for granting roles can be configured in the adapter settings on the tab. Also within the adapter menu, it is configured how the user's attribute should be matched with names. Roles that get assigned through a RoleSet get linked to the user's account as . The next time the user logs in, all temporary roles are removed from the user's profile and a new check is done. The name given to a RoleSet is crucial in the functioning of RoleSets. Only when the name can be matched with the UserData field, based on the selected operator, the roles within a RoleSet will be granted.
Use the button to save the changes and remain on this screen, or use the button to save your changes and return to the Overview screen, or use the button to discard any changes.
Use the button to save the changes and remain on this screen, or use the button to save your changes and return to the Overview screen, or use the button to discard any changes.
