Skip to main content

NIM

Role models

Role models are sets of roles. Every role exists inside a role model, regardless of whether you created it manually or using a role generator.

There are three types of role model:

  • Active role model

  • Development role model

  • History role model

Active role model

The active role model contains the current set of in-production roles, which are executed as part of any groupmembership-type operation in Jobs. When this happens, NIM updates group memberships in the relevant target systems according to the active role model.

There is only one active role model at any given time, and it cannot be edited. To make changes to the active role model, first copy it to replicate its current configuration in the development role model. Then edit the newly-created development role model. The previous development role model becomes a history role model.

Development role model

The development role model is the role model you work on, prior to activating it (i.e., putting it into production).

Role generation, role mining, and manually creating/editing roles all takes place in the development role model.

When you create a role model, it starts as the development role model. The current development role model becomes a History role model.

Activate the development role model to make it the new active role model. The previous active role model becomes a history role model.

Use the Inspect roles tool to evaluate the current development role model.

Important

You cannot execute the development role model. To execute it (i.e., in Jobs or Sync tasks), you must first activate it.

History role model

A history role model is a role model that used to be an active or development role model, but no longer is.

Restore a history role model to replicate its configuration in a new development role model. The current development role model becomes a history role model.

Inspect a role model to view the contents of a history role model.