NIM

Create, edit, or remove a role generator

For more information, see Role generators.

Create a role generator

Important

Typically, any time you create a role generator, it will be part of a broader effort to configure NIM for Group management. If that is your goal, you should start with the Provision groups & manage memberships tutorial instead of this one. This tutorial represents only a subset of that process.

  1. Create a filter for the Role Generation Filter of the role generator.

  2. Create a filter for the Role Member Filter of the role generator.

  3. Go to Output > Roles.

  4. Go to the Role Generation tab.

    2021-12-14_15-04-12.png
  5. Click Add.

  6. Enter a Role Generator Name.

    2022-01-25_13-47-30.png

    For example, azureRoleGen.

  7. Click Create.

  8. For the Role Generation Filter, select the filter created in step (1).

    2021-12-15_13-41-57.png
  9. For the Role Name Column, select the column of the Role Generation Filter based on which roles should be generated. For example, if you're creating a 1:1 correspondence of roles to departments, this will be the column containing the names of the departments in your source system.

    2021-12-15_13-42-29.png
  10. For the Role Member Filter, select the filter created in step (2).

    2021-12-15_13-44-32.png
  11. For the Member Filter Param Value, select the column from the Role Generation Filter to feed through the Member Filter Param Name parameter, to generate the roles. Typically this is the same as the Role Name Column.

    2021-12-15_13-52-12.png
  12. The Role groups pane is automatically populated with the include lookup from the Role Generation Filter. Select the Enabled checkbox for the entry. This places existing groups into their corresponding roles.

    2021-12-15_13-53-49.png

    Tip

    An additional way to place groups in roles is Role mining. It is not necessary in this example, but may be useful in more complex production scenarios.

  13. Click Save.

  14. Optional: Go to the Members tab and click Calculate to preview the members that will be assigned to the generated roles.

    2021-12-15_13-59-36.png
  15. Optional: Go to the Groups tab and click Calculate to preview the groups in the target system which will be included in generated roles. Only groups found in the Lookup are included.

    2021-12-15_14-01-45.png
  16. Optional: Go to the Roles tab and click Calculate to preview the roles that will be generated.

    2021-12-15_14-08-00.png
  17. Go to the Run tab.

  18. Optional: Adjust the Execution Options.

  19. Click Calculate to preview all operations that will be performed.

    2021-12-15_14-15-05.png
  20. Click Apply Generator to execute the role generator.

  21. Edit a role model for the current Development role model.

    The development role model has been populated with the generated roles.

    2021-12-15_14-23-01.png

    Note

    If you manually edit the roles in the active role model, and subsequently apply this role generator again, it will overwrite any manual changes you made.

  22. You can now Activate the development role model, Create a job to execute it, and Create a sync task to schedule the job.

  1. Go to Output > Roles.

  2. Go to the Role Generation tab.

  3. Click edit-task.png Edit Role Generator for the relevant role generator.

  4. Continue by following the steps in Create a role generator.

  1. Go to Output > Roles.

  2. Go to the Role Generation tab.

  3. Click remove-password-generator.png Remove Role Generator for the relevant role generator.

  4. Click Yes.