Introduction
Assignment rules can be used to automatically assign roles and resources to Core Identities based on a given set of conditions that need to be fulfilled. An assignment rule always consists of a Core Identity Type, a set of conditions and the actual assignments. The Core Identity Type defines which attributes are available in the conditions. An assignment rule can therefore only be applied to a specific Core Identity Type and cannot be shared across multiple types.
Assignment rules can also be activated and deactivated. Once you deactivate a rule, all assignments that were created because of it are removed by the system, so act with caution here.
Conditions
In the condition designer you have outer elements and inner elements that you can add to the condition. The outer elements can be used to wrap the whole existing condition with either an `and` or an `or` condition. Once inside such an element, you can add as many inner elements as you like.
AND Condition
The `and` condition can be used to logically connect multiple `compare` elements with each other. Let’s say the Core Identity must have an email address set AND the cost centre must be 1000.
OR Condition
The `or` condition can be used to logically connect multiple `compare` elements with each other. Let’s say the Core Identity must have a cost centre of 1000 OR a cost centre of 2000.
Compare Condition
The `compare` condition can be used to check any given Core Identity attribute or relation. You can select the attribute from the list, then select the comparator and condition depending on the attribute's type.
| Comparator | Description | Example |
|---|---|---|
| | Checks if the values are equal | CoreIdentity.Attribute.Firstname == John |
| | Checks if the values are not equal | CoreIdentity.Attribute.Firstname != John |
| | Checks if the value matches the configured regex pattern | CoreIdentity.Attribute.Firstname matches ^John.*$ |
| | Checks if the value does not match the configured regex pattern | CoreIdentity.Attribute.Firstname does not match ^John.*$ |
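The condition tree described above can be dry-run against sample identities before a rule is activated. The following is an added example, not the product's own code: the dictionary rule format, the attribute names `Email` and `CostCentre`, the use of `re.search`, modelling "email address set" as `matches ^.+$`, and treating an unset attribute as an empty value are all assumptions.

```python
import re

# The four comparators from the table; an unset attribute arrives as None (assumption).
COMPARATORS = {
    "==": lambda value, operand: value == operand,
    "!=": lambda value, operand: value != operand,
    "matches": lambda value, operand: re.search(operand, value or "") is not None,
    "does not match": lambda value, operand: re.search(operand, value or "") is None,
}

def evaluate(condition, identity):
    """Recursively evaluate an and/or/compare tree against one identity's attributes."""
    kind = condition["type"]
    if kind == "and":
        return all(evaluate(c, identity) for c in condition["elements"])
    if kind == "or":
        return any(evaluate(c, identity) for c in condition["elements"])
    if kind == "compare":
        value = identity.get(condition["attribute"])  # None when the attribute is unset
        return COMPARATORS[condition["comparator"]](value, condition["value"])
    raise ValueError(f"unknown condition element: {kind}")

def dry_run(condition, identities):
    """Return the names of the identities the condition would match."""
    return [name for name, attrs in identities.items() if evaluate(condition, attrs)]

# The AND example from the text: email address set AND cost centre 1000.
EMAIL_AND_COST_CENTRE = {"type": "and", "elements": [
    {"type": "compare", "attribute": "Email", "comparator": "matches", "value": r"^.+$"},
    {"type": "compare", "attribute": "CostCentre", "comparator": "==", "value": "1000"},
]}
# The OR example from the text: cost centre 1000 OR cost centre 2000.
COST_CENTRE_1000_OR_2000 = {"type": "or", "elements": [
    {"type": "compare", "attribute": "CostCentre", "comparator": "==", "value": "1000"},
    {"type": "compare", "attribute": "CostCentre", "comparator": "==", "value": "2000"},
]}
# A negative comparator, using the pattern from the table.
NOT_JOHN = {"type": "compare", "attribute": "Firstname",
            "comparator": "does not match", "value": r"^John.*$"}

# Constructed sample identities; "svc" has no Firstname and no Email.
IDENTITIES = {
    "alice": {"Firstname": "Alice", "Email": "alice@example.com", "CostCentre": "1000"},
    "john": {"Firstname": "Johnny", "CostCentre": "2000"},
    "svc": {"CostCentre": "1000"},
}
```

Under these assumptions `NOT_JOHN` matches `svc`, whose `Firstname` is unset, so check how identities with missing attributes are treated before relying on `!=` or `does not match` to assign or deny.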
Roles
A list of roles that should either be assigned or denied if the conditions match.
Resources
A list of resources that should either be assigned or denied if the conditions match.
Role Assignments
A list of all Core Identities that matched the conditions and their assigned roles.
Resource Assignments
A list of all Core Identities that matched the conditions and their assigned resources.