Assignment Rules
- Silvan Grüter
Introduction
Assignment rules can be used to automatically assign roles and Resource to Core Identity based on a given set of conditions that need to be fulfilled. The assignment rule always consists of an Core Identity type , a set of conditions and the actual assignments. The Core Identity Type defines which attributes are available in the conditions. An assignment rule therefore can only be applied for a specific Core Identity Type and can not be shared across multiple types.
Assignment rules can further be activated and deactivated. Once you deactivate it, all assignments that were created because of this rule, will be removed by the system. So act with caution here.
Conditions
In the condition designer you have outer elements and inner elements that you can add to the condition. The outer elements can be used to wrap the whole existing condition with either an and or an or condition. Once inside such an element, you can add as many inner elements as you like.
AND Condition
The and condition can be used to logically connect multiple compare elements with each other. Let’s say the Core Identity must have an email address set AND the cost centre must be 1000.
OR Condition
The orcondition can be used to logically connect multiple compare elements with each other. Let’s say the Core Identity must have a cost centre of 1000 OR a cost centre of 2000.
Compare Condition
The compare condition can be used to check any given Core Identity attribute or relation. You can select the attribute from the list, select the comparator and condition depending on the attributes type.
Comparator | Description | Example |
|---|---|---|
| Checks if the values are equal | CoreIdentity.Attribute.Firstname == John |
| Checks if the values are not equal | CoreIdentity.Attribute.Firstname != John |
| Checks if the value matches the configured regex pattern | CoreIdentity.Attribute.Firstname matches ^John.*$ |
| Checks if the value does not matches the configured regex pattern | CoreIdentity.Attribute.Firstname does not match ^John.*$ |
Roles
A list of roles that either should be assigned or be denied if the conditions match.
Resources
A list of resources that either should be assigned or be denied if the conditions match.
Role Assignments
A list of all Core Identities that did match the conditions and their assigned roles.
Resource Assignments
A list of all Core Identities that did match the conditions and their assigned resources.
© ITSENSE AG. Alle Rechte vorbehalten. ITSENSE und CoreOne sind eingetragene Marken der ITSENSE AG.