Static and dynamic roles

IBM® Security Identity Manager provides static and dynamic roles.

For static organizational roles, assigning a person to the role is a manual process.

For a dynamic role, the scope of access can be limited to an organizational unit only or extend to the organizational unit and its subunits. Dynamic organizational roles use valid LDAP filters to set a user's membership in a specific role. For example, a dynamic role might use an LDAP filter to provide access to specific resources to users who are members of an auditing department named audit123. To do so, type:
(departmentnumber=audit123)
Dynamic organizational roles are evaluated at the following times:
  • When a new user is created in the Security Identity Manager system
  • When a user's information, such as title or department membership, changes
  • When a new dynamic organizational role is created
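
The following Python sketch is an added example, not IBM Security Identity Manager code. It shows how a dynamic role's scope and LDAP filter together decide membership, so a filter can be previewed against sample people before the role is created. The user records, organizational-unit paths and function names are constructed for illustration, and only the and/or/not, equality and presence filter forms are handled.

```python
import re

# Constructed sample people: "ou" is the path of the person's organizational unit.
USERS = [
    {"uid": "alice", "ou": ("Acme", "Finance"), "attrs": {"departmentnumber": ["audit123"]}},
    {"uid": "bob", "ou": ("Acme", "Finance", "EMEA"), "attrs": {"departmentnumber": ["audit123"]}},
    {"uid": "carol", "ou": ("Acme", "Finance"), "attrs": {"departmentnumber": ["sales9"]}},
    {"uid": "dave", "ou": ("Acme", "HR"), "attrs": {"departmentnumber": ["audit123"]}},
]
_ITEM = re.compile(r"([A-Za-z][A-Za-z0-9;-]*)=([^()]*)")

def _parse(s, i):
    # Parse one "(...)" filter at s[i]; supports &, |, !, attr=value and attr=*.
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i:i + 1] in ("&", "|", "!"):
        op, kids, i = s[i], [], i + 1
        while s[i:i + 1] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"bad operand count for '{op}'")
        node = (op, kids)
    else:
        m = _ITEM.match(s, i)
        if not m or ("*" in m.group(2) and m.group(2) != "*"):
            raise ValueError(f"unsupported item at offset {i}")
        node, i = ("=", m.group(1).lower(), m.group(2).lower()), m.end()
    if s[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, attrs):
    # Simplified two-valued, case-insensitive evaluation (an assumption of this sketch).
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(matches(k, attrs) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], attrs)
    values = [v.lower() for v in attrs.get(node[1], [])]
    return bool(values) if node[2] == "*" else node[2] in values

def role_members(users, role_ou, subtree, ldap_filter):
    # Scope: the role's own organizational unit only, or that unit plus its subunits.
    tree, end = _parse(ldap_filter.strip(), 0)
    if end != len(ldap_filter.strip()):
        raise ValueError("trailing characters after filter")
    in_scope = lambda ou: ou[:len(role_ou)] == role_ou if subtree else ou == role_ou
    return sorted(u["uid"] for u in users if in_scope(u["ou"]) and matches(tree, u["attrs"]))
```

Running the same filter with both scope settings, and with a presence filter such as (departmentnumber=*), shows how quickly a broad filter or subtree scope widens the set of people who receive the role's access.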