Content
The purpose of implementing and using Import Rules is to allow the system to organize users as they login. The system would apply the rules and assign department(s) and a profile based on the set of rules.
1 Logic that governs the Import Rules
- Import Rules are executed in the order they appear.
- Departments (and optionally, Committees) are assigned cumulatively. What this means is if a user validates against multiple rules, they are assigned all the Departments that are set for each of the rules they validate against. For example:
|
Rule # |
Department |
User 1 |
User 2 |
|
1 |
Nursing |
? |
? |
|
2 |
HR |
? |
? |
|
3 |
Lab |
? |
? |
|
Result |
|
Nursing, Lab |
HR, Lab |
- Profiles are assigned differently. Since a user can only have one Profile, the system will assign the user the Profile of the very last rule in the set of rules that the user validates against. Once again, an example should help to illustrate this:
|
Rule # |
Profile |
User 1 |
User 2 |
|
101 |
General Access |
? |
? |
|
102 |
Power User |
? |
? |
|
103 |
General Access |
? |
? |
|
Result |
|
Power User |
General Access |
2 Best Practices
- Implement all Department mapping rules first. For each of these rules assign the basic “General Access” Profile. This ensures that your users will belong to the correct set of departments and the minimal access required to view documents.
- Implement the Profile mappings last, and assign the “General” Department. This will ensure all your users at the very least belong to the “General” Department and will have the correct set of privileges within the system.
An example of an ideal rule implementation would look like this:

3 Default Rule
The system also supports a ‘default’ rule, which acts as a catch-all in the event that a user does not validate against any of the Import Rules. This default rule generally provides basic view access to the system for your registered users:

4 SAML Import Rules
For clients that have chosen SAML functionality for authorization and authentication, Import Rules are required to be implemented. Some collaboration between the PolicyManager™ implementation team and the client IT team is strongly suggested in order to ensure the values being sent to PolicyManager™ over SAML are agreed-upon prior to the process of rule building beginning.
5 LDAP Import Rules
Clients that choose LDAP functionality have the option of enabling enforcement of Import Rules or manually managing their user base within PolicyManager™.
Should I enable LDAP Import Rules?
If your Active Directory is standardized to the point that you can guarantee that you will be able to pull the correct data out of AD then yes, enable LDAP Import Rules. Setting up rules and then having users be updated automatically by the system is a huge time saver in the long run compared to continuously managing your users in PolicyManager™.
Comments
0 comments
Article is closed for comments.