Difference between revisions of "Active Directory - Role Mapping"

From Fusion Registry Wiki
Jump to navigation Jump to search
(Editing a Mapping)
 
(17 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
[[Category:Functions]]
 
[[Category:Functions]]
 +
[[Category:RegistrySecurity]]
 
=Overview=
 
=Overview=
 +
'''This feature is only available in Version 10.''' <br>
  
coming soon.
+
The Role Mapping function links Organisations (Agencies, Data Providers and Data Consumers) and Administrators to an Active Directory implementation.
 
 
 
=Setting up Role Mappings=
 
=Setting up Role Mappings=
  
Please refer to [https://wiki.sdmxcloud.org/Set_up_Role_Mappings this article].
+
Please refer to [https://wiki.sdmxcloud.org/Active_Directory_-_Set_up_Role_Mappings this article].
  
 
=Editing a Mapping=
 
=Editing a Mapping=
Line 40: Line 41:
  
  
=Import a Mapping from a CSV file=
+
=Import Mapping from a CSV file=
==Not using a previously exported CSV file==
+
=='''Not''' using a previously exported CSV file==
 
This option allows you to paste in text as shown in the example below.
 
This option allows you to paste in text as shown in the example below.
  
 
[[File:ADMINRM6.PNG|600px]]
 
[[File:ADMINRM6.PNG|600px]]
  
Provided that the text is correctly entered, the role mappings will be created for you once the ''Import'' button is clicked.
+
Provided that the text is correctly entered, the role mappings will be created for you once the '''Import''' button is clicked.
  
 
In this example:
 
In this example:
Line 55: Line 56:
 
* The Agency has 4 Data Consumers (DPC - DC4) who are all members of the AD Group GOT-DATA-CONSUMERS
 
* The Agency has 4 Data Consumers (DPC - DC4) who are all members of the AD Group GOT-DATA-CONSUMERS
  
A comma is needed between the AG Group and the text (for example) <nowiki>urn:sdmx:org.sdmx.infomodel.base.DataProvider=GOT:DATA_PROVIDERS(1.0)</nowiki>
+
A comma is needed between the AD '''Group''' and the text (for example) <nowiki>urn:sdmx:org.sdmx.infomodel.base.DataProvider=GOT:DATA_PROVIDERS(1.0)</nowiki>
  
 
In this example the text to enter would be as shown below (with additional lines for DC2 - DC4 and DP2 - DP4).
 
In this example the text to enter would be as shown below (with additional lines for DC2 - DC4 and DP2 - DP4).
  
* Admin User: YADMIN,Administrator
+
* Admin User:   ''YADMIN,Administrator''
* Agency: GOT-AGENCY,<nowiki>urn:sdmx:org.sdmx.infomodel.base.Agency=GOT</nowiki>
+
* Agency:     ''GOT-AGENCY,<nowiki>urn:sdmx:org.sdmx.infomodel.base.Agency=GOT</nowiki>''
* Data Provider: GOT-DATA-PROVIDERS,<nowiki>urn:sdmx:org.sdmx.infomodel.base.DataProvider=GOT:DATA_PROVIDERS(1.0).DP1</nowiki>
+
* Data Provider:     ''GOT-DATA-PROVIDERS,<nowiki>urn:sdmx:org.sdmx.infomodel.base.DataProvider=GOT:DATA_PROVIDERS(1.0).DP1</nowiki>''
* Data Consumer: GOT-DATA-CONSUMERS,<nowiki>urn:sdmx:org.sdmx.infomodel.base.DataConsumer=GOT:DATA_CONSUMERS(1.0).DC1</nowiki>
+
* Data Consumer:     ''GOT-DATA-CONSUMERS,<nowiki>urn:sdmx:org.sdmx.infomodel.base.DataConsumer=GOT:DATA_CONSUMERS(1.0).DC1</nowiki>
 +
''
  
 
==Using a previously exported CSV file==
 
==Using a previously exported CSV file==
  
 
You will need to manipulate the files exported via the Role Mapping page.
 
You will need to manipulate the files exported via the Role Mapping page.
 +
 +
'''Example 1'''<br>
  
 
In this example, I have opened the CSV file using Excel and have used the concatenate function to create a file in the correct format. The column "Concatenated" is the copied and pasted into the import box.
 
In this example, I have opened the CSV file using Excel and have used the concatenate function to create a file in the correct format. The column "Concatenated" is the copied and pasted into the import box.
Line 72: Line 76:
  
 
[[File:ADMINRM2.PNG|800px]]
 
[[File:ADMINRM2.PNG|800px]]
 +
 +
 +
'''Example 2'''<br>
  
 
In this example I have opened the CSV file using Notepad and used find and replace to remove the " characters.
 
In this example I have opened the CSV file using Notepad and used find and replace to remove the " characters.
Line 78: Line 85:
 
[[File:ADMINRM5.PNG|800px]]
 
[[File:ADMINRM5.PNG|800px]]
  
 +
=Adding an Administrator=
 +
 +
<br>
 +
If you wish to add an Administrator, enter the Name of the AD '''Group''' and tick the box Administrator as shown below.
  
=Adding an Administrator=
 
If you wish to add an Administrator, enter the Name of the AD Group and tick the box Administrator as shown below.
 
  
[[File:ADMINRM1.PNG|800px]]
+
[[File:ADMINRM1.PNG|600px]]

Latest revision as of 05:01, 12 September 2024

Overview

This feature is only available in Version 10.

The Role Mapping function links Organisations (Agencies, Data Providers and Data Consumers) and Administrators to an Active Directory implementation.

Setting up Role Mappings

Please refer to this article.

Editing a Mapping

To change a Role Mapping, click the relevant option to open the Role Mapping modal which will display the name of the Group in Active Directory and the Organisations in the Registry that have been mapped to the Group.

To add another Organisation to the AD Group, select it so a tick appears in the relevant box.

To remove an Organisation, simply untick.

To remove the whole group from the Role Mapping page, make sure that no ticks are present and when you return to the Role Mapping page you will find that any Organisation previously applied to the Group will no longer appear.

Once you have finished editing, click Assign.

Delete all Mappings

This can be achieved by using the tool as shown below.


VMSS10.PNG


Export Mapping to a CSV file

This option allows you to export an excel CSV file, How this file appears will depend on what you use to open it with.

Opened with Excel

ADMINRM3.PNG

Opened with Notepad

ADMINRM4.PNG


Import Mapping from a CSV file

Not using a previously exported CSV file

This option allows you to paste in text as shown in the example below.

ADMINRM6.PNG

Provided that the text is correctly entered, the role mappings will be created for you once the Import button is clicked.

In this example:

  • There is an Administrator which is in the AD Group YADMIN.
  • The Agency ID in the Registry is GOT.
  • The Agency has 4 Data Providers (DP1 - DP4) who are all members of the AD Group GOT-DATA-PROVIDERS
  • The Agency has 4 Data Consumers (DPC - DC4) who are all members of the AD Group GOT-DATA-CONSUMERS

A comma is needed between the AD Group and the text (for example) urn:sdmx:org.sdmx.infomodel.base.DataProvider=GOT:DATA_PROVIDERS(1.0)

In this example the text to enter would be as shown below (with additional lines for DC2 - DC4 and DP2 - DP4).

  • Admin User: YADMIN,Administrator
  • Agency: GOT-AGENCY,urn:sdmx:org.sdmx.infomodel.base.Agency=GOT
  • Data Provider: GOT-DATA-PROVIDERS,urn:sdmx:org.sdmx.infomodel.base.DataProvider=GOT:DATA_PROVIDERS(1.0).DP1
  • Data Consumer: GOT-DATA-CONSUMERS,urn:sdmx:org.sdmx.infomodel.base.DataConsumer=GOT:DATA_CONSUMERS(1.0).DC1

Using a previously exported CSV file

You will need to manipulate the files exported via the Role Mapping page.

Example 1

In this example, I have opened the CSV file using Excel and have used the concatenate function to create a file in the correct format. The column "Concatenated" is the copied and pasted into the import box.


ADMINRM2.PNG


Example 2

In this example I have opened the CSV file using Notepad and used find and replace to remove the " characters.


ADMINRM5.PNG

Adding an Administrator


If you wish to add an Administrator, enter the Name of the AD Group and tick the box Administrator as shown below.


ADMINRM1.PNG