Add Users to Administrative Roles with Expressions

You can define a Delegated Administration role so that its user members are determined dynamically, by setting conditions under which users are members of that role. You define those conditions with expressions built from values such as user profile properties and dates/times. For example, you can define a role with the following type of expression: "If a logged-in user has the 'administrator' property set to 'true' and the time is between 9 a.m. and 5 p.m. MST, the user is a role member."

To add users to a role with expressions:

  1. In the Delegated Administration resource tree, create a new role or select the role to which you want to add expressions.
  2. Select the Edit Role Expression tab.
  3. In the drop-down menu, designate whether All of the conditions or Any of the conditions should be met to make a user a role member.
  4. Select the check box next to any conditions you want to set.
    When you select a condition, it expands to let you configure it.
  5. Click Save Changes to apply your edits.
  6. Confirm that the expressions have been successfully added to the role by selecting the Role Properties tab.
  7. You can further define a role by adding users and groups to the role.

Note: If you decide to define roles with expressions whose evaluation changes within the course of processing a request, you may need to adjust your portal application cache settings to ensure that the correct role definition is retrieved instead of a cached role. See the Performance Tuning Guide for more details.
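
The following Python sketch is an added illustration, not product code and not the portal's API. It models the example expression from the introduction (the 'administrator' property check plus the 9 a.m. to 5 p.m. MST window), the All/Any setting, and a cached role decision as described in the note above. The names is_member and CachedRoleCheck, the string value "true", the half-open time window, and the cache TTL are assumptions made for the example.

```python
from datetime import datetime, time, timedelta, timezone

MST = timezone(timedelta(hours=-7), "MST")  # fixed UTC-7 offset

def in_window(now, start=time(9, 0), end=time(17, 0)):
    """True when `now`, converted to MST, falls in [start, end) (assumed bounds)."""
    return start <= now.astimezone(MST).time() < end

def is_member(profile, now, mode="all"):
    """Evaluate the two example conditions; mode mirrors the All/Any drop-down."""
    results = [profile.get("administrator") == "true", in_window(now)]
    return all(results) if mode == "all" else any(results)

class CachedRoleCheck:
    """Hypothetical role cache: reuses an 'All' decision for ttl_seconds."""
    def __init__(self, ttl_seconds):
        self.ttl = timedelta(seconds=ttl_seconds)
        self._cache = {}  # user -> (decision, evaluated_at)

    def check(self, user, profile, now):
        hit = self._cache.get(user)
        if hit and now - hit[1] < self.ttl:
            return hit[0]  # served from cache, expression not re-evaluated
        decision = is_member(profile, now, mode="all")
        self._cache[user] = (decision, now)
        return decision

def demo():
    """Constructed scenario: one check just before 5 p.m. MST, one just after."""
    admin = {"administrator": "true"}
    before_close = datetime(2024, 3, 4, 16, 59, tzinfo=MST)
    after_close = datetime(2024, 3, 4, 17, 1, tzinfo=MST)
    stale = CachedRoleCheck(ttl_seconds=600)
    fresh = CachedRoleCheck(ttl_seconds=0)
    for cache in (stale, fresh):
        cache.check("alice", admin, before_close)
    return {
        "live_after_close": is_member(admin, after_close),
        "cached_after_close": stale.check("alice", admin, after_close),
        "uncached_after_close": fresh.check("alice", admin, after_close),
        "any_mode_after_close": is_member(admin, after_close, mode="any"),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With the 10-minute cache, the decision made at 4:59 p.m. is still returned at 5:01 p.m., so the user remains a role member after the time window has closed. With Any selected, the same user is a member at all hours because the property condition alone is sufficient.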
