Version Warning

The content below is for Apache Syncope <= 1.2 - for later versions the Reference Guide is available.

Introduction

A Role is an object that allows to group resource access rights to be assigned to the users

Roles are usually used to model the company organization in order to grant security and a consistent provisioning:

  • security is granted by assigning entitlements to the roles;
  • consistent provisioning is granted by assigning external resources to the roles in order to perform a role-based provisioning.

Roles are organized in a hierarchical way; each child can inherit attributes and policies from the parent.

This wiki page aims to show how to manage roles via administration console.

Create new Role

  1. Click on Roles tab.
  2. Click on role you choose to be parent of the new role you are going to create.
  3. Click on Add child link.
  4. Provide attribute, derived attribute and virtual attribute values by clicking on the corresponding tabs.

    Provide derived attribute values by using JEXL Expressions.
    Providing virtual attribute remember that:
    • virtual attribute values won't be stored locally.
    • virtual attribute values will be propagated onto external resources assigned.
    • virtual attribute values will be retrieved from the external resources assigned.
      Further, you have to consider that currently roles cannot be propagated so, actually, virtual role attributes are not used.
      For more details about schema type take a look at Schema, Attributes and Mapping.
  5. Click on Resources tab to assign resources to the role.
  6. Click on Entitlements tab to assign entitlements to the role.
  7. Click on Security tab to specify account and password policies for the role.
    Check Inherit password policy to inherit password policy from the parent or choose one from Password Policy.
    Check Inherit account policy to inherit account policy from the parent or choose one from Account Policy.
  8. Click on Save button.

Image:Roles_1.png|Fig. Roles Tab
Image:Roles_2.png|Fig. Choose resources
Image:Roles_3.png|Fig. Choose entitlements
Image:Roles_4.png|Fig. Add Attributes

Edit Role

  1. Click on Roles tab.
  2. Click on role to be modified (Fig. Roles Tab).
  3. Click on Edit link an provide information as shown at Create new Role paragraph.
  4. Click on Save button.

Delete Role

  1. Click on Roles tab.
  2. Click on role to be modified (Fig. Roles Tab).
  3. Click on Drop link.
  4. Confirm operation.

Questions? Just send an e-mail to user@syncope.apache.org