and more in a single search tool across platforms. Read the announcement here. |
12/21/2023 10:14 PM
Hello guys,
We are currently migrating to production.
We created roles for each department after linking the currently running AzureAD and Active Directory accounts to users.
Therefore, each user has the Entitlements required for each department, but is not a member of Role.
In this case, is there a way to retrofit users to members of Role?
Because there are nearly 5000 users, this cannot be done manually.
Thanks,
Solved! Go to Solution.
12/21/2023 11:02 PM
HI @JohnDoe
You should be able to use the "Upload Role Association" feature to achieve your use case...
Upon uploading and importing the .csv file successfully and based on the configurations you select at the time of role upload, the role must get created(If not already present in the system), the role must get assigned to the user, add access tasks must be created for the entitlements in the role(and in the csv file), If the entitlements are already assigned to the user's account, tasks with status "No Action Required" must get created and stay in the "Completed Tasks" tab. The 'ASSIGNEDFROMROLES' columns in the "account_entitlements1" table should also get populated with the respective role keys...
PFA sample file that I used and the screen below is the configuration I used at the time of "Upload Role Association".
Preview of my .csv file before confirming upload...
Tasks with "No Action Required" status that got created as part of the .csv file upload...
View of account_entitlements1 prior to and after uploading roles via"Upload Role Association" where ASSIGNEDFROMROLES were not populated...
Query: select ACCENTKEY, ACCOUNTKEY, ARSTASKKEY, ASSIGNEDFROMCOMPROLE, ASSIGNEDFROMROLE, ASSIGNEDFROMROLES, ENTITLEMENT_VALUEKEY from account_entitlements1 where accountkey = 103088 and ENTITLEMENT_VALUEKEY in (748537, 748650, 749403)
Tips: First test requesting for an enterprise role via ARS and ensure the tasks are getting created as expected. This is to ensure that
a) the role is set up correctly and is in 'Active' Status
b) the entitlements in the role are requestable and the entitlement type configuration(endpoint->Entitlement Type-> Request Option) is configured to create tasks(table in my case)
12/21/2023 11:22 PM
You need to upload the mapping manually. Mapping of assignedfromeroles can be automated not role assignement