We need to map from Cuba-Platform user role to AD security groups.
Our HHRR Department sends a request to IT Operations Department to create a user and assign the role the user has in every application he can access. If the user changes his tasks in the Organization, IT Operations Department will receive a request to delete old permissions and to assign new ones.
The main goal is having application user permissions centralized in Ms-AD and avoiding managing user roles and permissions in every one application.
First question is, are there some standard solution in Cuba-Platform for doing this mapping between AD security groups and Cuba-Platform user role?
If there isn’t any standard solution, we will be very grateful if someone who could advise us how to implement next process in Cuba-Platform :
* After user authentication integrated with LDAP (Ms-AD) is done, it triggers a process that reads from Ms-AD the list of security groups assigned to this user and update the SEC_USER_ROLE table with roles (security groups) actually existing on Ms-AD.
We had thought in this solution but, if someone has another idea to do it, we’ll be very grateful to know another solution ways.
Thanks in advance.
Regards,