RoleSets are used to automatically assign roles to users, based on values in their User Data. The definition of a RoleSet consists of two parts:
• Identification of the User Data field to be checked. This definition is done in the adapter settings.
• Definition of the roles within a RoleSet. This definition is done under Manage RoleSets and further explained below.
RoleSets can be added, updated or removed here. To update an existing RoleSet, click on the edit button. To remove a RoleSet, use the delete button. To create a new RoleSet, click on the button.
The User Data field and the operator used for granting roles are configured in the adapter settings, on the User Data tab. The adapter menu also defines how the user's attribute is matched against RoleSet names. Roles assigned through a RoleSet are linked to the user's account as Dynamic Roles. The next time the user logs in, all temporary roles are removed from the user's profile and a new check is done.

The name given to a RoleSet is crucial to how RoleSets function: the roles within a RoleSet are granted only when its name can be matched with the User Data field, based on the selected operator.
In the adapter settings, the LDAP field "SN" is configured as the field used for mapping RoleSets. The operator used to compare the RoleSet name with the SN field is set to Contains:
When a user with the value "OU=Company;OU=Spain;DN=Sales;DN=Junior" in the SN field logs in to SSP, two RoleSets match: Sales and Spain. The user is assigned all roles linked to these RoleSets, in this case the roles Standard Role, Sales Role and Local Spain.
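The following is an added example, not SSP code: a small Python model of the Contains matching described above, plus a check that flags RoleSet names matching only part of an attribute component. The RoleSet-to-role mapping, the case-sensitive comparison, the `;`/`=` component parsing and the second sample value are assumptions made for the illustration.

```python
# Added illustration; models the page's "Contains" operator, not the product's code.
# Assumption: which roles belong to which RoleSet (chosen to reproduce the
# result stated on the page). Assumption: comparison is case-sensitive.
ROLESETS = {
    "Sales": ["Standard Role", "Sales Role"],
    "Spain": ["Standard Role", "Local Spain"],
}

PAGE_VALUE = "OU=Company;OU=Spain;DN=Sales;DN=Junior"    # value from the page
CONSTRUCTED_VALUE = "OU=Company;DN=SalesSupport"         # constructed sample


def matching_rolesets(attribute, rolesets=ROLESETS):
    """RoleSets whose name occurs anywhere in the attribute (Contains)."""
    return sorted(name for name in rolesets if name in attribute)


def dynamic_roles(attribute, rolesets=ROLESETS):
    """Union of the roles of every matching RoleSet, recomputed at each login."""
    roles = set()
    for name in matching_rolesets(attribute, rolesets):
        roles.update(rolesets[name])
    return sorted(roles)


def components(attribute):
    """Split 'OU=Company;OU=Spain' into its values: {'Company', 'Spain'}."""
    return {
        part.split("=", 1)[-1].strip()
        for part in attribute.split(";")
        if part.strip()
    }


def partial_matches(attribute, rolesets=ROLESETS):
    """RoleSets granted by Contains although the name is not a whole component."""
    whole = components(attribute)
    return [n for n in matching_rolesets(attribute, rolesets) if n not in whole]


if __name__ == "__main__":
    for value in (PAGE_VALUE, CONSTRUCTED_VALUE):
        print(value)
        print("  RoleSets:", matching_rolesets(value))
        print("  Roles:   ", dynamic_roles(value))
        print("  Partial: ", partial_matches(value))
```

Running `partial_matches` over real attribute values before naming a RoleSet shows where a substring match would grant roles to users outside the intended group.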