Role Assignment Policies Widget
Definition
The Role Assignment Policies Widget allows to:
configure and manage Role Assignments Policies for a Role.
edit the dimensions mapping.
This way allows to assign a Role to several Identities at the same time.
Edit mode | Read mode |
|---|---|
  |   |
Tips
To access the Role Assignment Policies Widget, you must configure the Widget on a Feature with an object kind set to ROLE.
Use
When the Role Assignment Policies Widget is configured in an update feature, you can create, update or delete a Role Assignment Policy on a Role.
When the Role Assignment Policies Widget is configured in a read feature, you can view a Role Assignment Policy on a Role.
Create and update a Role Assignment Policy
You can create a Role Assignment Policy on a Role by clicking on the "Add Policy" button.
You can update a Role Assignment Policy on a Role by clicking on the "Edit" button.
On each case, a pop-up opens with a form with the following values :
Property name | Type | Mandatory | Description |
|---|---|---|---|
name |
| YES | The Role Assignment Policy name. |
description |
| NO | Used to describe the Role Assignment Policy that will be configured. |
status |
| YES | Used to define the status of the Role Assignment Policy. Values : |
mode |
| YES | Used to define the mode of the Role Assignment Policy. Values : The choice of the mode will affect the assignment and removal of Roles to/from an Identity. |
provisioningEnabled |
| YES | Used to indicate whether or not provisioning of the Roles through this policy is enabled. When disabled, Roles will not be provisioned with this policy, even if a new matching Identity is found. |
deprovisioningEnabled |
| YES | Used to indicate whether or not deprovisioning (removal) of the Roles through this policy is enabled. When disabled, Roles already assigned with this policy will not be deprovisioned, even if an existing Identity is found as not matching anymore. |
scope | - | YES | The scope determines which Identities match this policy. |
Dimensions mapping
This part allows to define the dimensions mapping on the Role Assignment Policy.
The dimension mapping must be configured if a dimension is mandatory (a red star is displayed next to it).
A dimension mapping can be configured as following:
Mapping type | Value type | Description |
|---|---|---|
No value | N/A | This type is available only if the dimension is not mandatory. |
Value |
| The dimension value is explicitly set in the mapping. |
Expression |
| When configured as an "expression" Dimension Mapping, the value is computed with a provided groovy expression that can make use of any of the following values:
|
Delete a Role Assignment Policy
You can delete a Role Assignment Policy on a Role by clicking on the "Delete" button.
This can only be done in Edit mode, in a Update feature.
Read a Role Assignment Policy
You can consult a Role Assignment Policy on a Role by clicking on the "View" button.
This can only be done in View mode, in a Read feature.
Configuration
Properties
If no override is provided, the edit widget will simply display empty fields for all elements in the form. It is possible to preset some advanced fields by overriding the configuration and providing a custom editor.
Example
Role Assignment Policy Edit
Role Assignment Policy Read
<widget id="roleAssignmentPolicy" xsi:type="ctdbum:AttributeEditorWidgetType">
<hidden>false</hidden>
<config>
<label></label>
<lockedInUi>false</lockedInUi>
<mode>READ</mode>
<multiValued>false</multiValued>
<override>false</override>
</config>
<attributeId>assignmentPolicies</attributeId>
</widget>