Roles

Edit online

A role in ISVG-GOV represents the set of permissions or accesses assigned to a user. The roles and its related configurations that are managed via AGC - Manage - Roles in IGI can be exported via the IGI Migration utility.

Overview

Read more about roles in IGI here.

The IT Role and Business Role available in IGI would be mapped to Application Role and Organizational Role respectively in IVIG. The permissions in IGI would be mapped to service groups. It is thus important to plan the migration of services and reconcile the corresponding service groups before migration of the roles.

Entities

Below are the different types of entities related to roles which can be extracted from IGI.
Organization roles

The business roles in IGI along with their composition are fetched using "igi.roles.sql.organization-roles" property in igisql.properties. The value of this query can be customized as per requirement. This report describes the details of business roles including role name, owner, description, etc. along with its associated child business/application roles and permissions. These details can be further imported into IVIG.

Application roles
The application roles in IGI along with their composition are fetched using "igi.roles.sql.application-roles" property in igisql.properties. The value of this query can be customized as per requirement. This report describes the details of application roles including role name, owner, description, etc. along with its associated child application roles and permissions. These details can be further imported into IVIG.
Note: For above two entities, ensure that the associated services are created and reconciled before proceeding with role import in IVIG. Additionally, accesses should also be defined on the service groups which are used as children in either application or organizational roles.

Role configurations

Below are the different types of role configurations which can be extracted from IGI.
External roles

The roles associated with custom applications are defined as "Profile" type of roles. Additionally, attributes from a target system mapped to permissions in Verify Governance are also defined with type as Profile. This report gives information about such type of roles with type as Profile and are also called as External roles. This report is obtained using "igi.roles.sql.external-roles" property in igisql.properties.

Permissions

The entitlements associated with a connector are represented as permissions. These are obtained by reconciling the corresponding connector. These can be retrieved from IGI using "igi.roles.sql.permissions" property in igisql.properties.

Admin roles

These are the administrative roles in IGI which are created by users or are available out of the box with the product. These roles are managed in IGI via AGC - Configure - Admin Roles. Read more about Admin roles here. This report is generated using the "igi.roles.sql.admin-roles" property in igisql.properties.