I'm setting up an RDC and am trying to implement something.
I've got a back-end database that shows all roles and role assignments. As a matter of fact I've just created parent roles so it looks like this:
Level 0: Role Set: Departmental Roles
Level 1: Role (Parent): All Human Resources
Level 2: Role (regular): HR Generalist, HR VP, HR Administrator, ....
Note - when I go into the Parent Role I see all the regular (or essentially child) roles there. I may swap this around - making parent role just regular; and then demoting the level 2 to a child role, but no matter....
I can get the roles and members configured just fine. I haven't integrated groups (entitlements) to the roles quite yet, but it's getting there.
What I want to show is how a user is associated with the Level 2 role (default - by membership rule; or additional role - just picking up roles temporarily/long term/etc). I have a value in my database set to denote this. My problem: how do I collect this and display it in the role membership tab?
I have tried creating attributes in the following: group, role, entitlement, but none of these will actually show up in the role data collector setup wizard.
Have any of you played around with roles?
I think I'm going to end up managing all my roles natively in Aveksa. Doing anything with Role Data Collectors (RDCs) is incomplete - I've managed to set up rules to grant access if users are added to an automated role, but am unable to revoke entitlements (associated with that role) if they are removed. I've opened up a separate thread to see if anyone is leveraging roles in that manner.
If I wind up managing roles manually in Aveksa, then I'll be able to administer secondary access (where user matches membership rule is FALSE) and temporary access a lot easier.