Role Autoprovisioning

Autoprovisioning is the automatic allocation of job or abstract roles to users, or the automatic removal of those roles from users. It occurs for an individual user when you create or update the resource role assigned to the user or the user's HR assignment status.

You can also apply autoprovisioning explicitly for the enterprise using the Autoprovision Roles for All Users scheduled process. This topic explains the effects of applying autoprovisioning for the enterprise.

Roles That Autoprovisioning Affects

Autoprovisioning applies only to roles that have the Autoprovision option enabled in a role mapping.

It doesn't apply to roles without the Autoprovision option enabled.

The Autoprovision Roles for All Users Scheduled Process

The Autoprovision Roles for All Users process compares the roles assigned to a user with all current role mappings.

  • Users who satisfy the conditions in a role mapping and who don't currently have the associated roles acquire those roles.

  • Users who currently have the roles but no longer satisfy the associated role-mapping conditions lose those roles.

The process creates requests immediately to add or remove roles. These requests are processed by the Send Pending LDAP Requests process. When running Autoprovision Roles for All Users, you can specify when role requests are to be processed. You can either process them immediately or defer them as a batch to the next run of the Send Pending LDAP Requests process. Deferring the processing is better for performance, especially when thousands of role requests may be generated. Set the Process Generated Role Requests parameter to No to defer the processing. If you process the requests immediately, then Autoprovision Roles for All Users produces a report identifying the LDAP request ranges that were generated. Requests are processed on their effective dates.
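The comparison described in this section can be modelled to preview which add and remove requests a run would generate. This is an added example, not Oracle's implementation: the attribute names, role names, and the rule that a role is kept while any mapping that autoprovisions it is still satisfied are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RoleMapping:
    name: str
    conditions: dict  # attribute -> required value; all must match (assumed model)
    roles: dict       # role name -> True if the Autoprovision option is enabled

def satisfies(attrs, mapping):
    """True when the user's attributes meet every condition in the mapping."""
    return all(attrs.get(k) == v for k, v in mapping.conditions.items())

def plan_requests(users, assigned, mappings):
    """Return sorted (user, action, role) requests the comparison would generate."""
    # Only roles with Autoprovision enabled in some mapping are in scope.
    in_scope = {r for m in mappings for r, auto in m.roles.items() if auto}
    requests = []
    for user, attrs in users.items():
        entitled = {r for m in mappings if satisfies(attrs, m)
                    for r, auto in m.roles.items() if auto}
        current = assigned.get(user, set())
        # Satisfies a mapping but lacks the role: acquire it.
        requests += [(user, "ADD", r) for r in entitled - current]
        # Holds an in-scope role but no longer satisfies its conditions: lose it.
        requests += [(user, "REMOVE", r) for r in (current & in_scope) - entitled]
    return sorted(requests)

# Constructed sample data (hypothetical mappings, users and roles).
MAPPINGS = [
    RoleMapping("Active workers", {"hr_assignment_status": "Active"},
                {"Employee": True}),
    RoleMapping("Sales managers",
                {"hr_assignment_status": "Active", "job": "Sales Manager"},
                {"Sales Manager": True, "Expense Auditor": False}),
]
USERS = {
    "alice": {"hr_assignment_status": "Active", "job": "Sales Manager"},
    "bob": {"hr_assignment_status": "Inactive", "job": "Sales Manager"},
    "carol": {"hr_assignment_status": "Active", "job": "Analyst"},
}
ASSIGNED = {
    "alice": {"Employee"},
    "bob": {"Employee", "Sales Manager", "Expense Auditor"},
    "carol": {"Employee", "Sales Manager"},
}

if __name__ == "__main__":
    for request in plan_requests(USERS, ASSIGNED, MAPPINGS):
        print(*request)
```

Reviewing the planned REMOVE and ADD entries before an enterprise-wide run shows which users would gain or lose access and confirms that roles without the Autoprovision option, such as the constructed Expense Auditor role, are left alone.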

When to Run the Process

It's a good idea to run Autoprovision Roles for All Users after creating or editing role mappings. You may also have to run it after importing new users to provision roles to the new users. Avoid running the process more than once in any day. Otherwise, the number of role requests that the process generates may slow the provisioning process.

Only one instance of Autoprovision Roles for All Users can run at a time.

Autoprovisioning for Individual Users

You can apply autoprovisioning for individual users on the Create User or Edit User page by clicking Autoprovision Roles in the Roles region of the page.