Assign roles to users dynamically
This page is a work in progress and isn’t available for general use. It hasn’t been validated for accuracy and is subject to change at any time.
Estimated time to complete: 10 minutes
In the previous use case, you created two users and a role and then assigned the role to the users. In this use case, you are going to:
Assign an inactive status to one of the users
Add a condition to the role so that it applies only to active users
After completing this use case, you will know how to:
Change the properties of a user
Add a condition to a role
Pat knows that roles can be used to give users access to applications and grant privileges. Pat wants to understand how to assign users to a role dynamically based on their user profile. Pat wants to configure a role with a condition and confirm that the role is assigned dynamically only to users that meet the condition.
Before you start, make sure you have:
A basic understanding of these ForgeRock concepts:
Identity Cloud admin UI
Identity Cloud End User UI
Completed the use case in Create users and roles
In this task, you select one of the users you created in Create users and roles and change their status to inactive.
In the Identity Cloud admin UI, go to Identities > Manage > Alpha realm - Users.
Click on the user
On the user details page, change the Status from the default value to inactive and save the change.
In this task, you create a condition so that the role applies only to active users.
In the Identity Cloud admin UI, go to Identities > Manage > Alpha Realm - Roles.
Click on the employee role and then click on Settings.
In the Condition panel, click on Set up to create the following condition for the role and save the condition:
A conditional filter for this role
Assign to alpha_user if Any conditions are met
(Optional) Click on Add Rule to add another condition and take a moment to browse the other conditions that can apply to roles.
In Create users and roles, you created the
and manually assigned it to
acruse. To validate this use
case, make sure the role is no longer assigned to
In the Identity Cloud admin UI, go to Identities > Manage > Role Members.
braman is in the list but
Change the status of
active, then make sure
acruse is in the list but
The users in Pat’s organization vary by type; some users are contractors and some are employees. In the next use case, Pat creates organizations to administer different types of user.