Skip to main content
Version: Cloud

Context assignments

The relationship between an identity and a context is called a context assignment. An identity has a context assignment to a context - either a direct context assignment or a membership-based context assignment.

Becoming a member of a context

There are a number of steps to go through in order to become a member of a context.

End-users can request to join a context, also known as joining a project. To do this, you must go to Services > Join a project. If you are not using projects as a context type, you can rename the process to something more relevant than "Join a project".

Users must specify a reason for why they want to be a member of the context by typing a description of this in the Reason for request field.

The context owner must approve the end user's request for membership.

Membership-based context assignments

You can specify a membership property for contexts that create contexts assignments based on a reference between an identity and a context.

The identity data object has a reference property named OUREF which refers org. unit objects. In the context type definition Org. units, it is specified that this property refers the identity's membership to an org. unit.

In the example below, the identity, William Parker, is a member of the Administration (Chicago Downtown) organizational unit and the Primary context type is Org. Units, as illustrated below.

William Parker belongs to this context via a membership-based context assignment.

context-assign

The benefit of handling context via membership-based context assignment is that it limits the work required to maintain context assignments.

Direct context assignments

You create direct context assignments through the Request Membership process if you have context owner rights when you edit the context object. Identities are also added to a context when a context owner requests access on their behalf in the request access process.

Note that in the default security setup, context owners can create context assignments, but not delete them.

  1. After editing the relevant values, click OK and Close.
tip

The value set on the resource assignment Valid To field should match the value set in the filter expression. To do so, follow these steps:

  • When editing the relevant event definition, at the bottom of the view, select the action type and then click Edit.

  • In the Modification action dialog box, in the Valid to field, enter the value so it matches with the value for the filter expression.

  • When you are finished, click OK.