Adaxes

Role-Based Access

0 votes

Hi,

I'm currently working on setting up Business Rules that put users in groups based off of their role. I have been successful in having this rule kick off when the user is created with a specific Job Title, however, I'm looking for a bit more functionality, specifically in editing the job title field.

I would like it to operate like this:

User has Job Title A and is assigned Group 1, Group 2, and Group 3 based off of that role.
User's job title changes to Job Title B. Groups 1, 2, and 3 are removed and user is assigned Groups 4, 5, and 6.
User later on down the road is manually assigned group A and Group B.
User's job title changes back to Title A. Groups 4, 5, and 6 are removed but groups A and B are retained, and user is again assigned Group 1, 2 and 3.

Is something like this possible?

by (130 points)
0

Hello,

Yes. However to help you with a solution, could you clarify the following:

User later on down the road is manually assigned group A and Group B.

Can a user be assigned to Group A and Group B automatically (based on Job Title) or only manually?

by (216k points)
0

It's preferable to leave those two groups as manual entries, in the (hopefully) rare occasion that an employee may have to work outside of their assigned role.

Thanks for the reply!

by (130 points)
0

Hello,

Sorry, it looks like we didn't put our question clear enough. Is it possible that Group A and Group B will be assigned to any users based on their Job Title? In other words, does any Job Tile imply membership in the groups?

by (216k points)
0

I think I understand what you're asking. In the future, it's possible that these groups may be assigned to a different role, but not for every user. I was just asking if there was a way for when the job title changes, that it removes just the groups assigned to that role, as opposed to removing all user groups.

by (130 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

Yes. it's possible. Take a look at section Update Membership by Schedule, on Creation and Modification in the following tutorial: http://www.adaxes.com/tutorials_Automat ... y_schedule. The sample Custom Command that is available in the section shows how to do a very similar task, changing group membership depending on a user's Department.

Also, if you have many groups to handle, probably it would be easier for you to accomplish the task with the help of a script. Take a look at Example 1 in Automatically Change Group Membership Using Scripts for a sample of such a script and instructions.

0

These tutorials are perfect.

Is there any way to create a business rule that kicks the custom commands off when a specific property on the user is updated, and if not, is there a plan to add this feature in the future?

by (130 points)
0

Hello,

These tutorials are perfect.

Thanks for your feedback! :)
By the way, think about paying some time to look through our tutorials, because the most common Adaxes configuration tasks are described their with lots of details, tips and useful tricks that can help you. All the tutorials are available here.

Is there any way to create a business rule that kicks the custom commands off when a specific property on the user is updated, and if not, is there a plan to add this feature in the future?

There is. An example of such a Business Rule is available in step 3 of section Update Membership by Schedule, on Creation and Modification in the Automatically Add Users to Groups by Department tutorial that we've already mentioned.

Basically, you need to create a Business Rule triggered after updating a User. In the Actions and Conditions of the Business Rule, you can use the If <property> changed condition type to check whether this or that property has changed. To add such a condition to your Business Rule:

  1. Right-click an action that should be triggered only when a certain property is changed and click Add Condition.
  2. Select the If <property> changed condition type.
  3. In the <property> drop-down list, select the necessary property. If it is not available in the list, check the Show all properties option.
  4. Select has changed.
  5. Click OK.
by (216k points)
0

Thanks so much! I read the articles, but I guess I didn't pay close enough attention!

by (130 points)

Related questions

0 votes
1 answer
How can I implement a model to support role-based provisioning operations using AD groups as roles?

I am trying to see if I can implement this in Adaxes somehow to support role-based provisioning to external apps (using appropriate Powershell scripts) but struggling to work ... to invest in a full-blown role-based provisioning platform (would rather not!).

asked Dec 24, 2019 by Bernie (310 points)
0 votes
1 answer
Role assignee based on Attribute

Is it possible to assign a role based on an attribute variable? Basically, where we have users with secretary's I'd like to create a role that allows them to update ... trying to make it a conditional check e.g. use %assistant% as a trustee definition. Thanks

asked May 20, 2013 by firegoblin (1.6k points)
0 votes
1 answer
What specific permission is needed in a security role to grant access to enable a user account?

What specific permission is needed in a security role to grant access to enable a user account?

asked Dec 7, 2023 by mightycabal (1.0k points)
0 votes
1 answer
Is it better to grant access via multiple OU and group assignments in the security role or use a business unit?

I have 18 domains managed by Adaxes and have noticed that Admin (full access) t all objects acts normally, but for piecemeal scopes like Service Desk that scopes to individual ... role (including 16 denies) and expect it to grow as we add more domains.

asked Sep 20, 2022 by DA-symplr (80 points)
0 votes
0 answers
Security Role Limit Access to an OU

Trying to setup a security role so that members can create and administer accounts and group membership. I would like to limit this via OU as a security role and not depend on the filters in the web console. Any suggestions?

asked Apr 5, 2016 by adaxes_user (420 points)
3,351 questions
3,052 answers
7,791 comments
545,103 users