Configure by file
The Configure by file functionality creates and maintains the configuration of permission assignments, roles of groups assignments, and group mapper assignments in MACMA in a single file. It is designed to simplify the management of access rights with an external IdM.
The following things are created or updated in MACMA when importing the Excel file (marked with blue color in the image below):
-
Role to resource assignments
-
Organization roles
-
Group to role assignments
-
Groups
-
Group mappers
Structure of the Excel file
The Excel contains these worksheets:
| Worksheet | Description |
|---|---|
Shows general information about the content and structure of the configuration file. |
|
Lists resources and which roles are permitted to use it based on the resource’s privileges. |
|
Lists roles assigned to groups. |
|
Mapping of a user’s MACMA group membership based on claim values from an identity provider. |
Summary Worksheet
This worksheet provides an overview of the configuration file. It includes general information about the organization, the Configuration prefix, and the Identity Providers used in the Organization.
| Field | Description | ||
|---|---|---|---|
Organization |
Organization name. |
||
ID |
Organization identifier. |
||
Date |
Export date. |
||
Configuration Prefix |
Prefix for created system entities, also used to differentiate configurations.
|
||
Identity Provider |
List of identity providers and their aliases in the organization. Use one of these aliases in the Group Mapping worksheet. |
Roles and Permissions Worksheet
The worksheet is structured in a matrix format, where each row represents a resource from an application, and each column represents a role. The cells at the intersection of a role and a privilege indicate the permissions granted to that role for that resource privilege.
The resources are grouped by the modules they belong to. This is indicated by the Module column and the green background color.
A Resource row contains all information and the privileges that are available for that resource. The Privileges are add, read, modify, delete, and execute.
The MACMA Organization Role column is used to assign a role to a privilege of a resource. This can be done via the checkboxes in the intersecting cell.
|
If a role is checked for a privilege, it means that the role has the privilege assigned for that resource. If a role is not checked, it means that the role does not have the privilege assigned for that resource. |
|
Only the MACMA Organization Role column can be used to assign roles to privileges. An application role cannot be assigned to a privilege. |
Roles of Group Worksheet
This worksheet assigns roles to groups (including application roles). The matrix format uses rows for Groups and columns for roles. A checked cell at the intersection indicates the role is assigned to that group.
|
The rows define a group tree. The hierarchy levels are separated by a slash |
|
Unlike the Roles and Permissions worksheet it is possible to assign application roles to a group. |
Group Mapping Worksheet
This worksheet maps MACMA Groups to an external IDM value, critical for IDM integration.
| Column | Description | ||
|---|---|---|---|
MACMA Group |
MACMA group mapped to the Mapped Claim Value.
|
||
IdP Alias |
Identity provider alias for the mapper. |
||
Mapper Name |
Mapper name in MACMA. |
||
Mapped Claim Key |
Claim key to extract the claim value (usually groups). |
||
Mapped Claim Value |
Claim value used to map the external IDM group to the MACMA group (user’s ID or sAMAccountName, depending on IdP configuration). |
|
This worksheet is crucial for the identity provider integration. It ensures that users are assigned to the correct MACMA group based on their identity provider claims. The Mapped Claim Value must match the claim value provided by the identity provider for the user. |
For more information, see Identity Providers and Mappers.