Version: On prem: 15.0.0

Differentiator

The Differentiator RoPE extension defines differentiator attributes for resource assignments, so that assignments to the same resource are not automatically merged when their attribute values differ.

If the attribute values are different, the Differentiator extension creates separate CRAs for the same resource.

Configuration and example

Using the extension, you can configure the differentiator attributes per resource type in the RoPE configuration.

To do so, add the following code snippet to the RoPE configuration and adjust the differentiator attributes as needed:

<add type="Omada.RoPE.Controller.OISX.Extensions.AssignmentAttributeValueDifferentiator, Omada.RoPE.Controller.OISX">
  <settings>
    <add key="<resource type unique identifier>" value="<comma-separated list of attribute system names>"/>
  </settings>
</add>

For example, for the Exchange Mailbox Access resource type and the Mailbox Location and Mailbox reference attributes, the code snippet looks as follows:

<add type="Omada.RoPE.Controller.OISX.Extensions.AssignmentAttributeValueDifferentiator, Omada.RoPE.Controller.OISX">
  <settings>
    <add key="24bc28da-1b36-40bd-95a3-d4b5d344553d" value="MAILBOXLOCATION,MAILBOXREF"/>
  </settings>
</add>

Usage example

For a reporting platform, the security model is defined by group permissions assigned per report, granting access to the particular report. When assigning a group to an account, a data set is assigned to scope the data presented in the report.

For example, a time registration report is scoped per organizational unit, so that a manager can be granted permission to view the report data only for the people for whom the manager is responsible.

Since a manager may be responsible for more than one organizational unit, there can be several assignments for one identity. Each assignment should be visible in Omada for access reviews, reporting, and similar purposes.

The Differentiator extension allows splitting multiple assignments to the same report by the organizational identifier used in the assignment, by specifying that attribute in the configuration.
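
The following Python sketch is an added illustration of the effect described above, not Omada code and not how RoPE is implemented. It reads a settings block in the format shown under Configuration and example, then groups a manager's report assignments with and without the differentiator. The resource type GUID, the ORGUNITID attribute name, and the assignment dictionaries are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the GUID and the ORGUNITID attribute name are placeholders.
RESOURCE_TYPE = "00000000-0000-0000-0000-000000000001"
CONFIG = f"""
<add type="Omada.RoPE.Controller.OISX.Extensions.AssignmentAttributeValueDifferentiator, Omada.RoPE.Controller.OISX">
  <settings>
    <add key="{RESOURCE_TYPE}" value="ORGUNITID"/>
  </settings>
</add>
"""

def grant(org_unit):
    """Constructed assignment: one manager, one report, scoped to one org. unit."""
    return {"identity": "manager1", "resource_type": RESOURCE_TYPE,
            "resource": "TimeRegistrationReport",
            "attributes": {"ORGUNITID": org_unit}}

# Two org. units; OU-100 is requested twice.
ASSIGNMENTS = [grant("OU-100"), grant("OU-200"), grant("OU-100")]

def load_differentiators(config_xml):
    """Map resource type id -> tuple of differentiator attribute system names."""
    result = {}
    for entry in ET.fromstring(config_xml).findall("./settings/add"):
        names = [n.strip() for n in entry.get("value", "").split(",") if n.strip()]
        result[entry.get("key", "").lower()] = tuple(names)
    return result

def group_assignments(assignments, differentiators):
    """Group by identity, resource and the configured differentiator values."""
    groups = defaultdict(list)
    for a in assignments:
        names = differentiators.get(a["resource_type"].lower(), ())
        values = tuple(a["attributes"].get(n) for n in names)
        groups[(a["identity"], a["resource"], values)].append(a)
    return dict(groups)

if __name__ == "__main__":
    for label, diff in (("no differentiator", {}),
                        ("ORGUNITID differentiator", load_differentiators(CONFIG))):
        print(label)
        for key, members in group_assignments(ASSIGNMENTS, diff).items():
            print("  ", key, "<-", len(members), "assignment(s)")
```

Without the differentiator, all three grants fall into one group, so a reviewer would see a single assignment with no indication of the organizational unit scopes. With it, the OU-100 and OU-200 scopes stay separate while the repeated OU-100 grant still merges.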