Initiates a request to Roles Based Provisioning Module (RBPM) for assigning a role in the Role DN field to a user specified in the Object field. This action is available only with the Identity Manager server 3.6 or later. If a policy containing this action encounters an error, Identity Manager generates an error message in the error.do-add-role local variable. For more information about local error variables, see Local Variable Selector.
Specify the name of the role to assign, in LDAP format. Supports variable expansion. For more information, see Variable Selector.
Specify the URL of the User Application server hosting the Roles Based Provisioning module. Supports variable expansion. For more information, see Variable Selector.
Specify the name of the user authorized to request the role assignment, in LDAP format. Supports variable expansion. For more information, see Variable Selector.
Specify the number of milliseconds you want Identity Manager to try to establish a connection to the User Application server before timing out. The default value is 0.
Specify the authorized user password. You can enter a clear text password (not recommended) or use the Argument Builder to specify a Named Password.
Select the target object type. This object can be the current object, or can be specified by a DN or an association.
(Optional) Specify additional argument strings for the Role assignment request. You can enter the strings manually, or select the Edit the Strings icon to open the Named String Builder and specify the strings. For more information about the Named String Builder, see Named String Builder.
The Add Role action supports the following string arguments:
String Name | Description |
---|---|
role-assignment-type | The type of the role assignment. You can choose from the following options: Default: USER_TO_ROLE. |
description | A description of the reason for the request used for auditing and (if necessary) approval purposes. Default: Request generated by the policy. |
effective-time | The time (in CTIME format) the role assignment should become effective. Default: now |
expiration-time | The time (in CTIME format) the role assignment automatically expires. Default: never |
sod-justification | A justification for requesting an exception for any Separation of Duty violations this assignment will trigger. Default: No exception will be requested and the request will fail if it causes a violation. NOTE: By default, the Named String Builder does not display this string. However, you can manually add it to the string list. |
CorrelationID | An identifier to correlate the role assignment process. Default: Operation event Correlation ID. If no value is specified for the argument, it uses the default value. NOTE: This string argument is not available in the Policy Builder user interface of this version. |
originator | The originator of the role assignment request. |
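
The following added example (not part of the Identity Manager documentation or product) reviews a set of Add Role string arguments against the table above before a policy is deployed: it flags names the action does not list, time values that do not parse, an expiration that is not later than the effective time, and the defaults that matter for auditing and Separation of Duty. The dict representation, the function names, and the reading of CTIME as whole seconds since the Unix epoch are assumptions.

```python
from datetime import datetime, timezone

# String names from the table above; the value is the documented default.
DEFAULTS = {
    "role-assignment-type": "USER_TO_ROLE",
    "description": "Request generated by the policy",
    "effective-time": "now",
    "expiration-time": "never",
    "sod-justification": None,  # no exception requested
    "CorrelationID": None,      # operation event Correlation ID
    "originator": None,         # the page states no default
}

def parse_ctime(name, value, findings):
    """Assumption: a CTIME value is whole seconds since the Unix epoch (UTC)."""
    try:
        return int(value)
    except (TypeError, ValueError):
        findings.append(f"{name}: {value!r} is not an integer CTIME value")
        return None

def check_add_role_strings(args, now):
    """Return (effective settings, findings) for a dict of string arguments."""
    findings = [f"{n}: not a string listed for the Add Role action"
                for n in args if n not in DEFAULTS]
    effective = {**DEFAULTS, **{n: v for n, v in args.items() if n in DEFAULTS}}
    start, end = now, None
    if "effective-time" in args:
        start = parse_ctime("effective-time", args["effective-time"], findings)
    if "expiration-time" in args:
        end = parse_ctime("expiration-time", args["expiration-time"], findings)
    else:
        findings.append("expiration-time: unset, the assignment never expires")
    if start is not None and end is not None and end <= start:
        findings.append("expiration-time: not later than effective-time")
    if "sod-justification" not in args:
        findings.append("sod-justification: unset, the request fails if it "
                        "causes a Separation of Duty violation")
    if "description" not in args:
        findings.append("description: unset, the default text is recorded")
    return effective, findings

if __name__ == "__main__":
    now = int(datetime(2024, 1, 1, tzinfo=timezone.utc).timestamp())  # constructed
    sample = {"effective-time": "1704153600",   # constructed values
              "expiration-time": "1704067200",  # earlier than effective-time
              "descripton": "Quarterly access review"}  # misspelled name
    for finding in check_add_role_strings(sample, now)[1]:
        print(finding)
```
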