The RSA Identity Governance & Lifecycle version 7.5 release introduces a new Local Role Hierarchy Import feature. This will allow you to now use a CSV file to Add or Remove Roles as role entitlements from other roles and significantly reduce previous manual efforts by optimizing role hierarchy/nesting. The parent roles must be a Local role in the application (Business, Technical, or Global Role types), while the child entitlement role can be a collected or local role.

CSV Contents:

The CSV file requires a header with the following values:

"Parent_Role_Name","Parent_RoleSet","Child_Role_Name","Child_RoleSet","Add_Remove"

Process Restrictions:

When the system processes the import CSV file the following constraints apply:

• This will match the role names in the file to a Role's Raw Name.
• The parent role must be a role that is created in the application (local) or it will be rejected.
• A new relationship cannot be added if it causes a circular reference.
• The role must exist in the role set listed in the file.
• A role cannot be changed if it is currently being changed.
• The Add_Remove attribute must be an “A” or “R”.
• When Adding a relationship, it must not exist.
• When Removing a relationship, it must exist.
• When there are two records in a file on that tries to Add and another that tries to Remove the same relationship, both are rejected.
• While the process will reject records that don’t meet the above restrictions it will process any records that do meet all restrictions.

New Menu Item to Import Local Role Hierarchy