NIM

Role models

Role models are sets of Roles. Every role exists inside a role model.

To get started, Create a role model.

Typically, you'll build your role model in phases. This may include generating roles in bulk with Role generators, assigning roles to groups in bulk with role generators or Role mining, and manually creating/editing one-off Roles.

There are three types of role models:

Active role model

The active role model contains the current set of in-production Roles, which are executed as part of any groupmembership-type operation in Jobs. When this happens, NIM updates group memberships in the relevant target systems according to the active role model.

There is only one active role model at any given time, and it cannot be edited. To make changes to the active role model, first copy it to replicate its current configuration in the Development role model. Then Edit a role model for the newly-created development role model. The previous development role model becomes a History role model.

Development role model

The development role model is the role model you work on, prior to activating it (i.e., putting it into production). Role generators, Role mining, and manually creating/editing Roles all occur in the development role model.

When you Create a role model, it starts as the development role model. The current development role model becomes a History role model.

Activate the development role model to make it the new Active role model. The previous active role model becomes a history role model.

Important

You cannot execute the development role model. To execute it (i.e., in Jobs or Sync tasks), you must first activate it.

History role model

A history role model is a role model that used to be an Active role model or Development role model, but no longer is.

Restore a history role model to replicate its configuration in a new development role model. The current development role model becomes a history role model.

Inspect a role model to view the contents of a history role model.