c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe * Copyright 2015 ForgeRock AS. All rights reserved.
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe * The contents of this file are subject to the terms
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe * of the Common Development and Distribution License
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe * (the License). You may not use this file except in
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe * compliance with the License.
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe * You can obtain a copy of the License at
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe * http://forgerock.org/license/CDDLv1.0.html
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe * See the License for the specific language governing
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe * permission and limitations under the License.
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe * When distributing Covered Code, include this CDDL
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe * Header Notice in each file and include the License file
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe * at http://forgerock.org/license/CDDLv1.0.html
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe * If applicable, add the following below the CDDL Header,
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe * with the fields enclosed by brackets [] replaced by
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe * your own identifying information:
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe * "Portions Copyrighted [year] [name of copyright owner]"
3ee0383ad6381d9b18fb94cf251068f5031ba480Laurent BristielRoles Samples: All you ever wanted to know about Roles in OpenIDM
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe==================================================================
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas PhilippeThe samples available in the sub-directories provide all the information
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippeyou need to manage Roles in OpenIDM, via either REST or via the Administrative
3ee0383ad6381d9b18fb94cf251068f5031ba480Laurent BristielUI. The following use cases are covered:
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe* Create a role
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe* Update a role
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe* Create a role with an assignment (entitlement) or update an existing
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe role to add an assignment to that role.
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe* Query all roles and their assignments
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe* Query all user and their roles (+assignments)
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe* Sync a user who has a role with an attribute bearing entitlement to
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe an external system (OpenDJ, based on sample 2b)
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe* Delete a role
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas PhilippeCRUD operations for Roles
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe-------------------------
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas PhilippeAvailable as part of the "crudops" sample. Provides a list of operations that
3ee0383ad6381d9b18fb94cf251068f5031ba480Laurent Bristielcan be performed via REST or via the UI to manage roles in OpenIDM.
3ee0383ad6381d9b18fb94cf251068f5031ba480Laurent BristielUse Case: the "Employee" and "Contractor" roles (common in most companies) will
3ee0383ad6381d9b18fb94cf251068f5031ba480Laurent Bristielbe created, searched, updated, assigned to a user via the REST API; the
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe"Contractor" role will be deallocated from the user and deleted. That same
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas PhilippeContractor role will be (re)created via the Admin UI, updated and finally
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippedeleted again.
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas PhilippeProvisioning with Roles
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippe-----------------------
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas PhilippeAvailable as part of the "provroles" sample. Provides a list of operations
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippeand configurations necessary for the provisioning of a set of attributes based
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippeon role membership. The set of attributes will be pushed with the rest of the
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippeuser information to OpenDJ (based on sample2b).
3ee0383ad6381d9b18fb94cf251068f5031ba480Laurent BristielUse Case: all regular (full-time) employees of the company must have their
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippeemployee type set and they must all be a member of the _Employees_ and
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippethe _Chat Users_ groups in the corporate directory (OpenDJ). In turn,
c47e9248564b807eca4362bb0e9c4997101a16e9Nicolas Philippecontractors must also have their employee type set but they will only be part
3ee0383ad6381d9b18fb94cf251068f5031ba480Laurent Bristielof the _Contractors_ group (no chatting for contractors!). Roles will be used
c2a1ba49d48529d09c5492a45d72eea3c64f8310Nicolas Philippeto set the required properties on the external resource (OpenDJ).