Assign roles to users dynamically
|While this use case was validated for accuracy, it can always be improved. To provide feedback, click or in the top right of this page (you must be logged into Backstage).
Estimated time to complete: 10 minutes
In the use case Create test users and roles, you created two users and a role and then assigned the role users to the users. In this use case, you are going to:
Assign an inactive status to one of the users
Add a condition to the role so that it applies only to active users
After completing this use case, you will know how to:
Change the properties of a user
Add a condition to a role
Before you start, make sure you have:
A basic understanding of these ForgeRock concepts:
Identity Cloud admin UI
Identity Cloud End User UI
Completed the use case in Create test users and roles
In this task, you select one of the users you created in Create test users and roles and change their status to inactive.
In the Identity Cloud admin UI, go to Identities > Manage > Alpha realm - Users.
Click on the user
On the user details page, change the Status from the default value
inactiveand save the change.
In this task, you create a condition so that the role applies only to active users.
In the Identity Cloud admin UI, go to Identities > Manage > Alpha Realm - Roles.
Click on the
employeerole and then click on Settings.
In the Condition panel, click on Set up to create the following condition for the role and save the condition:
A conditional filter for this role
Assign to alpha_user if Any conditions are met
(Optional) Click on Add Rule to add another condition and take a moment to browse the other conditions that can apply to roles.
In Create test users and roles, you created the
and manually assigned it to
acruse. To validate this use
case, make sure the role is no longer assigned to
In the Identity Cloud admin UI, go to Identities > Manage > Role Members.
bramanis in the list but
Change the status of
active, then make sure
acruseis in the list but