Navigation:  Admin Panel > Roles >

Managing RoleSets

Previous pageReturn to chapter overviewNext page
Show/Hide Hidden Text

RoleSets are used to automatically assign roles to users, based on values in their User Data. The definition of RoleSets consists out of 2 parts:

Identification of the User Data field to be checked. This definition is done in the adapter settings.
Definition of the roles within a RoleSet. This definition is done under Manage RoleSets and further explained below.

clip0044

RoleSets can here be added, updated or removed. To update an existing RoleSet, click on the edit editbutton. To remove a RoleSet, use the delete delete button. To create a new RoleSet, click on the clip0134button.

The User Data field and operator to use for granting roles can be configured in the adapter settings on the User Data tab. Also within the adapter menu, it is configured how the user's attribute should be matched with RoleSet names. Roles that get assigned through a RoleSet get linked to the user's account as Dynamic Roles. The next time the user logs in, all temporary roles are removed from the user's profile and a new check is done. The name given to a RoleSet is crucial in the functioning of RoleSets. Only when the name can be matched with the UserData field, based on the selected operator, the roles within a RoleSet will be granted.

Orb-Blue-Minus-24Example

RoleSet Name

Linked Roles

Sales

Standard Role, Sales Role

Spain

Local Spain

France

Local France

USA

Local USA

In the adapter settings it is configured that the LDAP Field "SN" is used for mapping RoleSets. The operator to compare the RoleSet name with the SN field is set to Contains:

clip0135

When an user with the value "OU=Company;OU=Spain;DN=Sales;DN=Junior" in the SN field logs into SSP, there is a match for 2 RoleSets: Sales and Spain. The user will get all roles linked to these RoleSets assigned, in this case the Roles: Standard Role, Sales Role and Local Spain.

.