...

...

...

...

Roles and Organizations

Roles and organizations are configurable. For example, the role requests through the self-service interface can be configured as follows:

• You can define that roles can only be requested from within the home organization, that is, the organization where the user object resides in.
• You can create role lists. There are two types of role lists:
  • Black list.
    End-users cannot request roles in the black list. They can only request roles not in the black list.
  • White list.
    End-users can only request roles in the white list. They cannot request any other roles.

Roles

In Ubisecure CustomerID, all roles are described as EntityNames. Supported characters are basic letters ("a-zA-Z"), Scandinavian characters ("äöåÄÖÅ"), numbers ("0-9"), space (" ") and some special characters (",._-"). All other characters are replaced with a space.The following is an example of an EntityName of a role: 

...

# Ubisecure DirectoryubiloginMemberOf= cn=OrganizationMainUser,ou=Lapland,ou=Societies,ou=eIDM Users,<ROOT DN> 
# Microsoft Active DirectorymemberOf= cn=OrganizationMainUser,ou=Lapland,ou=Societies,ou=eIDM Users, <ROOT DN>

Organizations

Organizations have a technical name and a display name. The technical name is the actual path (relative name) of the organization in the main repository, and the display name is the name that is shown in user interfaces.

...

The configurations for roles and configurations described above are done in the permissions.properties file. For more information, see CustomerID Internal Access Control access control (Permissionspermissions) - CustomerID.