Single generic user role for multiple groups
Hi all,
We have a one-to-one mapping between our vendor organizations [around 700+], the organizations in IDM and the groups in AD, i.e. we have a group in AD for every vendor and also an IDM organization. When a user 'X' gets created, let's say for vendor 'A', 'X' is created under organization 'A' and also has to get a group membership in AD group 'A'. For this we are trying to use a User Role with AD attributes and the 'groups' field within it.
We don't want to create a user role for every vendor, as it would then be 700+ user roles. We want one generic user role which would get the AD attribute 'groups' value at runtime based on the organization which this user will belong to.
Please let me know if you have any input on this, I appreciate your help.
thanks,
Sanketh
# 2
Hi Paul,
Thanks for the quick reply. I actually didn't use your solution as I felt it was a little bit complex, but I was able to use the idea in a different scenario.
I have one more doubt.
This is our organization structure:

    Top
        VendorGroup01
            Vendor01
            Vendor02
            Vendor03
        VendorGroup02
            Vendor04
            Vendor05
            Vendor06

The generic role that I have created should be visible for the organization 'VendorGroup01' and to all the organizations below it [not to anyone else]. I am not able to do that.
Here is the XML chunk from that role:
<ObjectRef type='ObjectGroup' id='#ID#28928B815B26A801:147EE05:11017E32EE6:-7D25' name='28928B815B26A801:147EE05:11017E32EE6:-7D26' displayName='VendorGroup01'/>
The problem is that if I set it to 'VendorGroup01', it's not visible for 'Vendor01' and the other organizations under it.
For now I have used 'All', which definitely is not a good solution:
<ObjectRef type='ObjectGroup' id='#ID#All' name='All'/>
Do you have any ideas on this?
thanks,
Sanketh