RoleSets

Introduction

RoleSets are used to automatically assign roles to users, based on values in their User Data. The definition of a RoleSet consists of two parts:

  • Identification of the User Data field to be checked. This definition is done in the adapter settings.

  • Definition of the roles within a RoleSet. This definition is done under Manage RoleSets and further explained below.

The User Data field and the operator used for granting roles are configured in the adapter settings, on the User Data tab. The adapter menu also defines how the user's attribute is matched against RoleSet names. Roles assigned through a RoleSet are linked to the user's account as Dynamic Roles. The next time the user logs in, all temporary roles are removed from the user's profile and a new check is done. The name given to a RoleSet is crucial to how RoleSets function: the roles within a RoleSet are granted only when its name can be matched with the User Data field, based on the selected operator.

Example

In the adapter settings, the LDAP field "SN" is configured as the field used for mapping RoleSets. The operator that compares the RoleSet name with the SN field is set to Contains.

When a user with the value "OU=Company;OU=Spain;DN=Sales;DN=Junior" in the SN field logs into SSP, there is a match for 2 RoleSets: Sales and Spain. The user is assigned all roles linked to these RoleSets, in this case the roles Standard Role, Sales Role and Local Spain.
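The matching in this example can be modelled as follows. This is an added example, not SSP code: it treats Contains as a case-sensitive substring test, which is an assumption, as are the function names and the split of roles between the two RoleSets. It also flags matches where the RoleSet name is only part of a longer value, because those grant roles the RoleSet name alone would not suggest.

```python
import re

# Constructed RoleSets; the split of roles between them is an assumption.
ROLESETS = {
    "Sales": {"Standard Role", "Sales Role"},
    "Spain": {"Standard Role", "Local Spain"},
}

def matching_rolesets(field_value, rolesets=ROLESETS):
    """RoleSet names found in the User Data value (model of the Contains operator)."""
    return sorted(name for name in rolesets if name in field_value)

def dynamic_roles(field_value, rolesets=ROLESETS):
    """Union of the roles of every matching RoleSet, recomputed at each login."""
    roles = set()
    for name in matching_rolesets(field_value, rolesets):
        roles |= rolesets[name]
    return roles

def components(field_value):
    """Values of the KEY=value pairs in the field, e.g. {'Company', 'Spain', ...}."""
    return {part.split("=", 1)[-1].strip()
            for part in re.split(r"[;,]", field_value) if part.strip()}

def substring_only_matches(field_value, rolesets=ROLESETS):
    """Matches where the RoleSet name is only part of a component: review these."""
    whole = components(field_value)
    return [n for n in matching_rolesets(field_value, rolesets) if n not in whole]

if __name__ == "__main__":
    page_value = "OU=Company;OU=Spain;DN=Sales;DN=Junior"   # value from the example
    other_value = "OU=Company;OU=France;DN=InsideSales"     # constructed value
    for value in (page_value, other_value):
        print(value)
        print("  RoleSets:      ", matching_rolesets(value))
        print("  roles:         ", sorted(dynamic_roles(value)))
        print("  substring-only:", substring_only_matches(value))
```

With the constructed second value, the Sales RoleSet still matches because "InsideSales" contains "Sales", so RoleSet names should be chosen so that they cannot occur inside unrelated attribute values.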

General Settings

The General Settings tab contains the following configuration settings for RoleSets.

Name: Enter the Name for the RoleSet. Please note that this name is used to map a RoleSet to an external variable. You can read more about that mapping in the chapter about Adapters.

*New RoleSets must be saved before proceeding to role configuration.

List of Roles

List of all roles defined in SSP. For each role that should be included in the RoleSet, select the checkbox on the right.
