Automatic Data Provisioning
You can automatically assign users access to appropriate data based on their work assignments.
Automatic data provisioning occurs if:
-
At least one of the user's assignments matches all data-mapping conditions on a Data Provisioning Rule
-
At least one role is automatically provisioned to the user using Role Provisioning Rules
-
The matched Data Provisioning Rule includes data assignments for a role that is automatically provisioned to the user
For example, you can create a data provisioning rule to assign all current employees of the Finance Department in Seattle the following data assignments:
|
Role |
Data Security Context |
Value |
|---|---|---|
|
Accounts Payable Manager |
Business Unit |
US West |
|
Accounts Payable Supervisor |
Business Unit |
US West |
|
Accounts Payable Specialist |
Business Unit |
US West |
|
Accounts Receivable Manager |
Business Unit |
US West |
|
Accounts Receivable Specialist |
Business Unit |
US West |
|
Financial Analyst |
Data Access Set |
US-Corporate |
|
General Accountant |
Data Access Set |
US-Corporate |
|
General Accounting Manager |
Data Access Set |
US-Corporate |
With this data provisioning rule defined, a user with a work assignment location of Seattle that has been automatically provisioned one of the job roles listed above would also get the corresponding data assignments.
While role mappings and data provisioning rules use similar attributes to find a user's matching assignments, you do not need to use the same combination of attributes to drive role provisioning and the corresponding data provisioning. For example, you can use a combination of job, grade, or department or all to determine automatic provisioning of roles, and use a combination of business unit, legal employer or location or all to determine automatic provisioning of data.