AssignRole

automationaccess-control

Execute deterministic role changes from external workflow decisions.

Assigns or revokes roles when external workflows write instructions into IAM-EventTriggers, executing deterministic role changes without direct RBPM APIs.

Overview

Assign Role is designed to assign or revoke a role when another process — for example another driver — places a request in the IAM-EventTriggers attribute of a user.

This capability is useful when an external authoritative source like HR or a ticketing system has already executed the decision workflow and simply wants IAM to execute the decision. Rather than requiring additional development to use the NetIQ RBPM API directly, the existing driver connected to any authoritative source can analyze the data and place instructions in IAM-EventTriggers to let Assign Role perform the role action.

Features

Monitors the IAM-EventTriggers attribute for role assignment and revocation instructions. Executes deterministic role changes based on structured trigger data. Integrates with any authoritative source driver without requiring direct RBPM API calls.

Benefits

Simplifies role automation from external workflow systems

Eliminates need for custom RBPM API integration

Provides deterministic, auditable role assignment and revocation

Works with any existing driver connected to authoritative sources

Reduces development effort for HR-driven or ticketing-driven role changes

Part of

SARA

Smart Access Rights Automation

Automate standard JML access-right assignment, cleanup, and review readiness.

Interested in AssignRole?

Request a demo Browse all products