Create Person Attribute Management Role Policies
Person Attribute Management Role policies automatically generate Management Roles and assign people to those roles based on specified attribute values, such as department name. When the policy runs, the Dynamic Hierarchy engine adds any person with the matching attribute value to the corresponding Management Role.
Prerequisites
To create Dynamic Hierarchy policies, you need appropriate permissions to access and configure Dynamic Hierarchies in EmpowerID.
Create a Person Attribute Management Role Policy
- On the navbar, expand Dynamic Hierarchies and select Policies.
- Click the Add (+) button. The Policy Details form opens.
- In the General section, configure:
  - Select a Policy Type – Select Person attribute management role
  - Name – Enter a name for the policy
  - Description – Enter a description for the policy
  - Resource System – Select EmpowerID
- Configure the Hierarchy Generation schedule.
  Hierarchy Generation Settings:
  - Hierarchy Generation Enabled – Select this option to enable EmpowerID to generate hierarchies from the policy
  - Hierarchy Generation Next Run – Click the field and select the date and time for the next run of the Hierarchy Generation job
  - Hierarchy Generation Schedule – Set the start and end dates for hierarchy generation to occur
  - Hierarchy Generation Interval – Set the interval for the Hierarchy Generation job to process the policy:
    - Once – Hierarchy generation occurs one time
    - Minute Interval – Hierarchy generation occurs "X" times every "Y" minutes as specified in the Run Indefinitely, Iterations and Interval fields. For example, if you select an iteration of 2 and an interval of 24, hierarchy generation occurs twice: first at the date and time specified in the Hierarchy Generation Next Run field, and again 24 minutes after the first run completes. If you select Run Indefinitely with an interval of 24, hierarchy generation occurs once every 24 minutes, indefinitely.
    - Hour Interval – Hierarchy generation occurs "X" times every "Y" hours as specified in the Run Indefinitely, Iterations and Interval fields. For example, if you select an iteration of 2 and an interval of 24, hierarchy generation occurs twice: first at the specified date and time, and again 24 hours after the first run completes. If you select Run Indefinitely with an interval of 24, hierarchy generation occurs once every 24 hours, indefinitely.
    - Daily – Hierarchy generation occurs once every "X" days at a designated time as specified in the Run Indefinitely, Iterations and Times fields. For example, if you select an iteration of 2, hierarchy generation occurs twice: first at the specified date and time, and again on the following day at the time specified in the Times field. If you select Run Indefinitely, hierarchy generation occurs daily at the time specified in the Times field.
- Configure the Membership Recalculation schedule.
  Membership Recalculation Settings:
  - Membership Recalculation Enabled – Select this option to enable the system to update group membership as specified by the schedule and interval
  - Membership Recalculate Next Run – Set the date and time for the next run of the Dynamic Hierarchy Membership Recalculation job
  - Membership Recalculation Schedule – Set the start and end dates for membership recalculation to occur
  - Membership Recalculation Interval – Set the interval for membership recalculation to run:
    - Once – Membership recalculation occurs one time
    - Minute Interval – Membership recalculation occurs "X" times every "Y" minutes as specified in the Run Indefinitely, Iterations and Interval fields. For example, if you select an iteration of 2 and an interval of 24, membership recalculation occurs twice: first at the date and time specified in the Membership Recalculate Next Run field, and again 24 minutes after the first run completes. If you select Run Indefinitely with an interval of 24, membership recalculation occurs once every 24 minutes, indefinitely.
    - Hour Interval – Membership recalculation occurs "X" times every "Y" hours as specified in the Run Indefinitely, Iterations and Interval fields. For example, if you select an iteration of 2 and an interval of 24, membership recalculation occurs twice: first at the specified date and time, and again 24 hours after the first run completes. If you select Run Indefinitely with an interval of 24, membership recalculation occurs once every 24 hours, indefinitely.
    - Daily – Membership recalculation occurs once every "X" days at a designated time as specified in the Run Indefinitely, Iterations and Times fields. For example, if you select an iteration of 2, membership recalculation occurs twice: first at the specified date and time, and again on the following day at the time specified in the Times field. If you select Run Indefinitely, membership recalculation occurs daily at the time specified in the Times field.
- In the Policy Settings section, configure:
  - Attribute Name – Select the person attribute on which to base Management Role generation
  - Naming Convention – At a minimum, enter {Value1}. EmpowerID creates a dynamic Management Role for each unique attribute value. For example, if you selected the Title attribute, a Management Role is created for each unique title and all people with those titles are added to the respective Management Role.
  - Empty Management Role Action – Select an appropriate action for EmpowerID to take if a Management Role created by the policy has no members
  - Parent Management Role Definition – By default, the Blank Management Role Definition is set as the parent. This definition has no inherited delegations and serves as a template for custom Management Roles. If you need a different role definition, search for and select it. The dynamic role inherits all delegations of the parent.
- In the Alerts section, configure notification settings:
  - Create Management Role Alert Active – Select to send alerts when Management Roles are created
  - Create Management Role Alert – When active, sends an alert to subscribers when EmpowerID creates a new Management Role from the policy (default: Hierarchy Create Management Role alert)
  - Delete Management Role Alert Active – Select to send alerts when Management Roles are deleted
  - Delete Management Role Alert – When active, sends an alert when EmpowerID deletes a Management Role that was previously created from the policy
  - Membership Change Alert Active – Select to send alerts when Management Role membership changes
  - Membership Change Alert – When active, sends an alert when the membership of a Management Role created by the policy changes (default: Hierarchy Management Role Membership Changed alert)
  Note: Management Roles are only deleted automatically when the Empty Management Role Action is set to Delete and the role has no members.
- Click Save.
Results
After creating and running the policy:
- Management Roles are automatically created for each unique value of the specified attribute
- People with matching attribute values are automatically assigned to the corresponding Management Roles
- As attribute values change in the authoritative source, role assignments are automatically updated
- Empty roles are handled according to the configured Empty Management Role Action
- Configured alert subscribers are notified of role creation, deletion, and membership changes
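The grouping described above can be previewed on an export of person records before the policy is enabled, since every distinct attribute value becomes its own role with the parent definition's delegations. The following is an added example, not EmpowerID code or part of the original page; it assumes attribute values are compared as exact strings and that blank values match no role, and the record fields, sample data and function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample records standing in for an export from the authoritative
# source; the field names are hypothetical.
PEOPLE = [
    {"login": "akhan", "Title": "Network Engineer"},
    {"login": "bsmith", "Title": "network engineer "},
    {"login": "cdiaz", "Title": "Domain Admin"},
    {"login": "dlee", "Title": ""},
    {"login": "eroy", "Title": "Network Engineer"},
]

def preview_roles(people, attribute, naming="{Value1}"):
    """Group people by exact attribute value and render each role name."""
    roles, skipped = defaultdict(list), []
    for p in people:
        value = p.get(attribute) or ""
        if not value.strip():
            skipped.append(p["login"])  # assumption: blank value, no role
            continue
        roles[naming.replace("{Value1}", value)].append(p["login"])
    return dict(roles), skipped

def near_duplicates(people, attribute):
    """Values differing only by case or surrounding whitespace."""
    variants = defaultdict(set)
    for p in people:
        value = p.get(attribute) or ""
        if value.strip():
            variants[value.strip().casefold()].add(value)
    return {k: sorted(v) for k, v in variants.items() if len(v) > 1}

def empty_after(roles_before, people_after, attribute, naming="{Value1}"):
    """Role names that lose every member once attribute values change."""
    roles_after, _ = preview_roles(people_after, attribute, naming)
    return sorted(set(roles_before) - set(roles_after))

if __name__ == "__main__":
    roles, skipped = preview_roles(PEOPLE, "Title", "Title-{Value1}")
    print(roles, skipped)
    print(near_duplicates(PEOPLE, "Title"))
```

Roles returned by `empty_after` are the ones to which the Empty Management Role Action setting would apply on the next run.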
Related Topics
- About Dynamic Hierarchies – Overview of Dynamic Hierarchies capabilities
- Two-Level Management Roles – Create nested Management Role structures
- Role-Based Group Memberships – Use Management Roles for group membership