Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-16666

Document how to configure conditional group membership

    XMLWordPrintable

Details

    • Story
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 7.2.0
    • 7.2.0
    • documentation

    Description

      This PR provides support for assigning members to groups, based on a condition.

      Similar in functionality to granting relationships conditionally.

      The condition defines a filter by which membership is assigned.

      Currently a group may be created with a condition where users that match the condition will be conditionally added as members, such as below where users with the city of "Boston" will be group members:

      curl \
      --header "Content-Type: application/json" \
      --header "X-OpenIDM-Username: openidm-admin" \
      --header "X-OpenIDM-Password: openidm-admin" \
      --header "Accept-API-Version: resource=1.0" \
      --header "If-None-Match: *" \
      --request PUT \
      --data '{
       "name": "employeeGroup",
       "description": "an employee group",
       "condition": "/city eq \"Boston\""
      }' \
      "http://localhost:8080/openidm/managed/group/employeeGroup"

      The section Grant Relationships Conditionally

      https://ea.forgerock.com/docs/idm/objects-guide/conditional-relationships.html#conditional-relationships
      may not need any updating since conditional grant functionality should be the same for now.
      There is a link to Grant a Role Based on a Condition though that is given as an example to follow. May want to add a similar section for groups. OPENIDM-16671 for tracking.

       

      Attachments

        Issue Links

          Activity

            People

              Lana Lana Frost
              Lana Lana Frost
              Son Nguyen Son Nguyen
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: