Is it possible to pass more than one parameter during add entitlement?

I am integrating a system via web service, where a user can have the same permission, but in different companies.
During entitlement aggregation, the same permissions are returned, but when assigning this permission to the user, I need to define in which company he will gain this permission, for example:

  • Permission A, company 1
  • Permission B, company 2

I thought about creating different types of entitlement for each company, with entitlement type 1, 2 …

The problem is that when adding the permission to the user, I am not able to, in addition to passing the permission ID, also pass the company ID, even though this ID is mapped in the entitlement schema.

Is there a way to pass these 2 parameters (entitlementId and companyId) in the add entitlement?

Hey @raibom,

I have come across this ask in a JDBC source and leveraged the JDBC provisioning rule to capture the AccountRequest and the AttributeRequest and add the additional info to the entitlement.

I think the WSBO rule might be of help here:
Web Services Before Operation Rule | SailPoint Developer Community

Do let me know if this helps or I will try and suggest any other alternative.
Regards,
Aman


Hi @raibom - were you able to resolve this?

I believe you were on the right path here: Consider having 2 entitlement types, one for the company and one for the permission. When assigning access, consider provisioning access profiles that bundle the company and permission together, or a role that does the same.

Hi @sushantkulkarni ,

I’ll explain how I did it here; I believe it will be helpful to others:

I created several entitlement types (one for each company). Then I created 3 operations for each company (aggregation/add/remove entitlement) and fixed the company ID in the API call URLs.

To be able to add the entitlements of each company to the access profiles, I had to create an aggregation after rule for each company, changing the name of the entitlement that was unique for all companies. For example, Admin (Company 1), Admin (Company 2) and so on, because when creating the access profile, it is not possible to filter by type and the names would be the same.

With this, I was able to provision and revoke the accesses of the role + company together.
