Introduction
Now in beta, you can manually sync users whose roles have been updated by a bulk user upload instead of waiting until a user logs in for their roles to apply. This will make validation and testing of Application Access and Data Access Roles easier after a user has been modified through a bulk upload.
1. Permissions
During this beta period, Sync Roles is behind a feature flag so you will need to speak with your CS Lead to enable this feature on the user logged in for testing.
There will be two users involved in the process:
- A logged in user, who performs the actions (typically an admin user); and,
- A target user, which is the user whose roles get synced. In the following example, the target user is Bluey Heeler.
Sync Roles is available from the Users page. The following permissions and requirements need to be met:
- the permission CanViewUsers is required for the logged in user
- the permission CanUploadBulkUserFile is required for the logged in user
-
Bulk User Upload is enabled on the Company Page
-
the target user has the flag On login automatically assign One Model roles from the mapping of Company Supplied Roles configured for SSO or File Based User Upload enabled.
2. How to
This new feature can be especially useful for a target user who has a Customer Supplied Role uploaded via the Bulk User Upload, but has not yet logged in. Previously, Application Access and Data Access Roles would only be applied after a user logged in. The Sync User function applies the Application Access and Data Access Roles and enables functionality such as user proxy for testing.
When working with existing users, it is recommended to download the User and Roles (Delimited) Admin report, before making any changes.
- Use the Admin Report to find a test target user, that has a Customer Supplied Role assigned.
- Double check on the Company Page > Bulk User Upload that the Customer Supplied Roles is mapped to an Application and Data Access Role
- Go to the User page and find the test target user
- Go to Roles
- If the user has not yet logged in, Roles will be empty. In case the user has already logged in, take a note of the roles they had and deselect all roles.
- Click Update Roles
- Go back to the Users Page and select Sync Roles for the target user
- Verify the Application Access and Data Access Roles have been applied via the Roles view or the Users and Roles (Delimited) Admin Report. Another way to verify is to Proxy as that user.
- The Admin Report also has an additional column last manual sync (applies to bulk uploaded users only), which will indicate when the user was last synced.
Comments
0 comments
Please sign in to leave a comment.