...
Autoassignment in Object Template
TODO
Autoassignment in roles is simple and elegant, but it has several disadvantages. However, even complex role autoassignment cases can be handled by using object template. The roles can be automatically assigned by using object template mappings:
| Code Block | ||||
|---|---|---|---|---|
| ||||
<objectTemplate>
<name>User Template</name>
...
<mapping>
<authoritative>true</authoritative>
<source>
<path>organization</path>
</source>
<expression>
<assignmentTargetSearch>
<targetType>RoleType</targetType>
<filter>
<q:equal>
<q:path>name</q:path>
<expression>
<path>$organization</path>
</expression>
</q:equal>
</filter>
</assignmentTargetSearch>
</expression>
<target>
<path>assignment</path>
</target>
</mapping>
...
<objectTemplate> |
The mapping above will create assignment for any role which name matches with a value of organization user property. Therefore a single mapping can be used to assign a wide range of roles.
See Object Template page for more details about object template mechanism. The Expression page describes the details of assignmentTargetSearch expression evaluator that is frequently used for this purpose.
Roles Within Roles
TODO: inducement
...