Hello everyone,
I am working with OpenIAM 4.1.2.14 and I am looking for guidance on the best practice for managing a large number of job positions (more than 200).
My current design is:
Job Position (Role Parent)
→ Business Role
→ Provisioning Profile
→ Technical Permissions / Groups
For example:
RRHH ANALYST
→ Second Line Role
→ Second Line Profile
→ AD Groups / Technical Entitlements
Currently, for each job position I have to create:
One Business Rule with “Add User to Role” + EvaluateObjectsToUserBasedOnRole.groovy
One Business Rule with “Remove User from Role” + RevokeObjectsToUserBasedOnRole.groovy
This means that with more than 200 job positions I would need to maintain more than 400 Business Rules.
My question is:
Is this the recommended approach in OpenIAM?
Or is there a way to create only two generic Business Rules (one for add and one for remove) and dynamically determine the role based on the user’s Title or Job Position?
In my environment, all child roles, profiles, and technical permissions are already configured under the parent job position role. The Business Rule is only responsible for assigning or removing the parent job position role from the user.
Example:
User Title = “RRHH ANALYST”
The Business Rule would dynamically find the role with the same name and assign it, instead of having a dedicated “Add User to Role” Business Rule for every position.
I would appreciate any recommendations, examples, or best practices for handling a large number of job positions in OpenIAM.
Thank you.