Group <> User role sync¶
The Group <> User role sync package assigns role to users based on the Atlan group they belong to.
Configuration¶
- Selection mode: whether to match the groups by name or regex match.
- List: if the name (display name) of the group is used to fill Admin Group, Member Group and Guest Group.
- Regex: if a regex is used to fill Admin Group, Member Group and Guest Group. All groups that match the regex expression will be used.
- Admin Group: Name (display name) or regex matching expression of the Atlan groups (comma separated) that contain users with admin role. The package updates the role of the users belonging to these groups to admin.
- Member Group: Name (display name) or regex matching expression of the Atlan groups (comma separated) that contain users with member role. The script updates the role of the users belonging to these groups to member.
- Guest Group: Name (display name) or regex matching expression of the Atlan groups (comma separated) that contain users with guest role. The script updates the role of the users belonging to these groups to guest.
- Role hierarchy: hierarchy of the roles. If a user belongs to more than one group and each group has a different role mapped, the hierarchy will defined the final role of the user. The available options are:
- Guest -> Member -> Admin: the Guest role has precedence over the Member role that has precedence over the Admin role,
Default - Guest -> Admin -> Member: the Guest role has precedence over the Admin role that has precedence over the Member role
- Member -> Guest -> Admin: the Member role has precedence over the Guest role that has precedence over the Admin role
- Member -> Admin -> Guest: the Member role has precedence over the Admin role that has precedence over the Guest role
- Admin -> Guest -> Member: the Admin role has precedence over the Guest role that has precedence over the Member role
- Admin -> Member -> Guest: the Admin role has precedence over the Member role that has precedence over the Guest role
- Guest -> Member -> Admin: the Guest role has precedence over the Member role that has precedence over the Admin role,
What it does¶
- Fetch all users that belongs to the groups specified in Admin Group, Member Group and Guest Group.
- Assign a role to users based on the group they belong to:
- admin role to all users belonging to Admin Group
- member role to all users belonging to Member Group
- guest role to all users belonging to Guest Group
If a user is assigned to more than one of the specified group, the more restricted role is assigned. Example: if a user belongs to both the Admin Group and the Guest Group, the guest role is assigned.