SecurID® Governance & Lifecycle Blog

Subscribe to the official SecurID Governance & Lifecycle community blog for information about new product features, industry insights, best practices, and more.

New Feature: Importing Local Role Hierarchies

Moderator Moderator
0 0 315

The RSA Identity Governance & Lifecycle version 7.5 release introduces a new Local Role Hierarchy Import feature. This will allow you to now use a CSV file to Add or Remove Roles as role entitlements from other roles and significantly reduce previous manual efforts by optimizing role hierarchy/nesting. The parent roles must be a Local role in the application (Business, Technical, or Global Role types), while the child entitlement role can be a collected or local role.

CSV Contents:

The CSV file requires a header with the following values:


Process Restrictions:

When the system processes the import CSV file the following constraints apply:

  • This will match the role names in the file to a Role's Raw Name.
  • The parent role must be a role that is created in the application (local) or it will be rejected.
  • A new relationship cannot be added if it causes a circular reference.
  • The role must exist in the role set listed in the file.
  • A role cannot be changed if it is currently being changed.
  • The Add_Remove attribute must be an “A” or “R”.
  • When Adding a relationship, it must not exist.
  • When Removing a relationship, it must exist.
  • When there are two records in a file on that tries to Add and another that tries to Remove the same relationship, both are rejected.
  • While the process will reject records that don’t meet the above restrictions it will process any records that do meet all restrictions.

New Menu Item to Import Local Role Hierarchy