Identity Cloud

Variables available to role assignment scripts

The optional onAssignment and onUnassignment event scripts specify what should happen to attributes that are affected by role assignments when those assignments are applied to a user, or removed from a user.

These scripts have access to the following variables:

  • sourceObject

  • targetObject

  • existingTargetObject

  • linkQualifier

The standard assignment scripts, replaceTarget.js, mergeWithTarget.js, removeFromTarget.js, and noOp.js have access to all the variables in the previous list, as well as the following:

  • attributeName

  • attributeValue

  • attributesInfo

Role assignment scripts must always return targetObject, otherwise other scripts and code that occur downstream of your script will not work as expected.
Copyright © 2010-2022 ForgeRock, all rights reserved.