NIM

Role model Scope

Role Model Scoping lets you customize how users are targeted within the role model. Customizing the scoping gives you control over which users are included in the role model and which users are explicitly excluded. In the Include filter, you can target everyone that NIM would normally automate, and then use the Exclude filter to define who you don’t want to process group changes for.

Tip

Include and Exclude Filters should include the key column for the system you are targeting. Multiple system key columns can be in a single filter.

Assign Scopes

Within a role model, adjust the scope settings that apply to the specific model being modified. Here you can assign an Include and/or Exclude filter. Additionally, you can turn Grant and Revoke actions on and off. These settings are applied on a per-system basis. Only systems that are being used within the role model show up in the list.

  1. Open your current development role model > Edit > Scope tab

  2. Select your include filter under Include Filter and the exclude under Exclude Filter

  3. You can select Grant and Revoke actions as needed. If you don’t want roles to be removed from users, you can deselect Revoke. If you don’t want roles to be given to users, you can deselect Grant.

Include Filter
  1. Create a filter

  2. Define, in general, what type of users you want managed

    Note

    All environments are different, so adjust accordingly to fit your needs. In this example, we define a valid user as one that has a unique identifier (ID, username, etc.) and a type. Typically, we do this because other kinds of accounts (admins, techs, service accounts, etc.) are not given these attributes by default, so we can easily leave them out of role management this way.

Exclude Filter
  1. Create a filter

  2. Define, specifically, what users you don’t want to process group changes for.

    List in this filter the users that you don’t want to be processed. In this example, the filter matches any users that are in the contractors AD path, to ensure that those users can only have their groups managed manually.

Group Membership Report

The Group Membership Report acts as an audit of the role model. There are 6 possible actions you may see here: add, remove, not added (account not included), not added (account excluded), not removed (account not included) and not removed (account excluded). This is important to your scoping configuration because this report tells you who is being included in and excluded from the roles.
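
The following is an added example, not NIM code: a small Python model of how the Include and Exclude filters from the examples above sort pending group changes into the six report actions, useful for reasoning about a scope before relying on it. The account data, the `managed` group set, the function names and the order of evaluation (Include checked before Exclude) are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    username: str      # key column / unique identifier
    user_type: str     # empty for admin, tech and service accounts
    ad_path: str       # constructed AD path
    groups: frozenset  # current group memberships

def include_filter(acct):
    # Include example from the page: a valid user has a unique identifier and a type.
    return bool(acct.username) and bool(acct.user_type)

def exclude_filter(acct):
    # Exclude example from the page: anyone under the contractors AD path.
    return "ou=contractors" in acct.ad_path.lower()

def membership_report(accounts, desired, managed):
    """Classify each pending change into one of the report's six actions.
    desired: username -> groups the role model wants; managed: groups it governs.
    Assumption: the Include filter is evaluated before the Exclude filter."""
    rows = []
    for acct in accounts:
        if not include_filter(acct):
            why = " (account not included)"
        elif exclude_filter(acct):
            why = " (account excluded)"
        else:
            why = None
        want = desired.get(acct.username, frozenset())
        for group in sorted(want - acct.groups):
            rows.append((acct.username, group, "add" if why is None else "not added" + why))
        for group in sorted((acct.groups & managed) - want):
            rows.append((acct.username, group, "remove" if why is None else "not removed" + why))
    return rows

# Constructed sample data (not taken from any real environment).
MANAGED = frozenset({"VPN", "Sales", "Legacy"})
ACCOUNTS = [
    Account("jdoe", "employee", "OU=Staff,DC=example,DC=com", frozenset({"Sales", "Legacy"})),
    Account("ctemp", "contractor", "OU=Contractors,DC=example,DC=com", frozenset({"Legacy"})),
    Account("svc_backup", "", "OU=Service,DC=example,DC=com", frozenset({"Legacy", "Backup Operators"})),
]
DESIRED = {name: frozenset({"Sales", "VPN"}) for name in ("jdoe", "ctemp", "svc_backup")}

if __name__ == "__main__":
    for row in membership_report(ACCOUNTS, DESIRED, MANAGED):
        print(*row, sep="\t")
```

Rows marked "not added" or "not removed" are the ones to review: each is a membership the role model has an opinion about but will not enforce because of the scope.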