A.2 Create Users, Groups, and Mappings
This section describes how to create Users, Groups, and Mappings.
The AAI User Provisioning SQL Scripts Generator Utility allows you to use AAI for authN in the Compliance Studio. Identity administrators can create new user groups/roles, perform appropriate roles, usergroup and domain mapping, and so on.
This is provided as a SQL generator utility. This SQL scripts is executed in the AAI's config schema to create the required metadata.
You must execute this script multiple times against each username. Also, generate the merge scripts accordingly.
Execute the following command from
<COMPLIANCE_STUDIO_INSTALLATION_PATH>/deployed/
<mmg-home>/bin directory.
./userprovisioning-script-generator.sh <user> <comma separated listof user
groups or ALL> <infodom> <segment>Sample Commands:
./userprovisioning-script-generator.sh SCRIPTUSER ALL OFSAAAIINFO EMFLD
./userprovisioning-script-generator.sh SCRIPTUSER
MDLREV,MDLUSR,IDENTITY_ADMIN OFSAAAIINFO EMFLDTable A-1 Pre-configured Group
| User Group | Description |
|---|---|
| IDNTYADMN | Identity Administrator group |
| IDNTYAUTH | Identity Authorizer group |
| MDLREV | The Modeling Reviewer Group.
Users mapped to this group have access to the menu items in the application that are related to model review activities. |
| MDLAPPR | The Modeling Approver Group.
Users mapped to this group have the rights to approve models created by the users. |
| MDLBATCHUSR | The Modeling Batch User.
Scheduler can use this Group for executing batches. The Workspace Administrator Group. |
| WKSPADMIN | The Workspace Administrator Group.
Users mapped to this group have access to create and populate workspaces. For viewing the landing page this group is required. |
| MDLUSR | The Modeling User Group.
Users mapped to this group have access to all the menu items in the application that is related to model creation. |
| DSUSRGRP | Data Studio User Group.
This User Group provide access to modify Interpreter configurations. |
| GRPADMIN | The Graph Administrator Group.
Users mapped to this group have access to all the menu items in the application related to graph as well as Pipeline/Refresh graphs related health services. |
| GRPUSR | The Graph User Group.
Users mapped to this group have access to all the menu items in the application related to graph as well as Pipeline/Refresh graphs related health services. |
| DSREDACTGRP | Roles for applying redaction in graph.
This group will be applicable to only those users for whom graph redaction is required. Note: This group has to be created manually in AAI and map it to the users. |
| ERADMIN | Entity resolution admin group.
Note: This group has to be created manually in AAI and map it to the users. |
| ERUSER | Entity resolution user group.
Note: This group has to be created manually in AAI and map it to the users. |
Note:
For more information on adding, updating, and deleting users through AAI realm method, see the System Configuration and Identity Management section in the OFSAAI User Guide.