User Management Scenarios#
This section provides details on the actions that are carried out when a user is managed, given the absence or presence of the same user in VOSS Automate applications or LDAP.
Add User Sync Scenarios#
The table below details add and update scenarios when a user is added that may exist on VOSS Automate, applications or LDAP and the default Sync Source precedences apply. The cases are:
if either the user exists or does not exist on LDAP
if either the user exists or does not exist on any application that is a sync source (APP SOURCE)
Field sync takes place according to:
Sync Source - see User Sync Source.
the User Field Mapping that applies - see: User Field Mapping.
Important
Sync Source precedence may override user input. If you update a user on VOSS Automate:
that exists on a sync source
has mapped fields
has a higher precedence than LOCAL (VOSS Automate) data
the data of these fields will be updated from the sync source and not the user input added in VOSS Automate. The Admin Portal would typically render these fields read-only.
The detailed scenarios for the operation: adding a user (model: relation/User) are:
|
|
|
Hierarchy |
Action |
User Sync Source |
|---|---|---|---|---|---|
Y |
same as user |
Error: user exists |
|||
current |
Create |
LOCAL |
|||
Y |
same as LDAP user |
Create |
LDAP |
||
Y |
same as APP user |
Create |
APP SOURCE |
||
Y |
Y |
same as APP user |
Create |
LDAP |
|
Y |
below LDAP user hierarchy |
Create |
LDAP |
||
Y |
below APP user hierarchy |
Create |
APP SOURCE |
||
Y |
Y |
below APP user hierarchy |
Create |
LDAP |
|
Y |
above LDAP user hierarchy |
Error: Create User Log entry with message |
LDAP |
||
Y |
above APP user hierarchy |
Error: Create User Log entry with message |
APP SOURCE |
||
Y |
Y |
above APP user hierarchy |
Error: Create User Log entry with message |
LDAP |
Update User Sync Scenarios#
The table below details data sync sources and update actions when a user is updated and the default Sync Source precendences apply. The cases are:
if either the user exists or does not exist on LDAP
if either the user exists or does not exist on any application that is a sync source
Field sync takes place according to:
the User Field Mapping that applies - see: User Field Mapping.
Important
Sync Source precedence may override user input. If you update a user on VOSS Automate:
that exists on a sync source
has mapped fields
has a higher precedence than LOCAL (VOSS Automate) data
the data of these fields will be updated from the sync source and not the user input added in VOSS Automate. The Admin Portal would typically render these fields read-only.
The detailed scenarios for the operation: updating a user (model: relation/User) are:
|
|
|
Hierarchy |
Action |
User Sync Source |
|---|---|---|---|---|---|
Y |
same as user |
Update |
LOCAL |
||
Y |
Y |
same as user or LDAP user |
Update Update |
LDAP |
|
Y |
Y |
same as user or APP user |
Update Update App/User using reverse App map |
APP SOURCE |
|
Y |
Y |
Y |
same as any of user, APP LDAP user |
Update Update Update App/User using reverse App map |
LDAP |
Y |
Y |
below user or LDAP user |
Update Update |
LDAP |
|
Y |
Y |
below user or APP user |
Error: Create User Log entry with message RBAC issue |
APP SOURCE |
|
Y |
Y |
Y |
below any of user, LDAP, APP user |
Error: Create User Log entry with message RBAC issue |
LDAP |
Y |
Y |
above user or LDAP user |
Error: Create User Log entry with message |
LDAP |
|
Y |
Y |
above user or APP user |
Error: Create User Log entry with message |
APP SOURCE |
|
Y |
Y |
Y |
above any of user, LDAP, APP user |
Error: Create User Log entry with message |
LDAP |
LDAP Add Sync Scenarios#
The table below details data sync sources and update actions when an LDAP user is added and the default Sync Source precendences apply. The cases are:
if either the user exists or does not exist on LDAP
if either the user exists or does not exist on VOSS Automate or any application that is a sync source
Field sync takes place according to:
the User Field Mapping that applies - see: User Field Mapping.
Important
Sync Source precedence may override user input. If you update a user on VOSS Automate:
that exists on a sync source
has mapped fields
has a higher precedence than LOCAL (VOSS Automate) data
the data of these fields will be updated from the sync source and not the user input added in VOSS Automate. The Admin Portal would typically render these fields read-only.
The detailed scenarios and actions for the operation: syncing an LDAP user (sync source is always LDAP) are:
|
|
|
Hierarchy |
Action |
|---|---|---|---|---|
Y |
same as user |
Update |
||
Create |
||||
Y |
same as LDAP user |
Error Create User Log entry with message Purge current LDAP user |
||
Y |
same as APP user |
Create Update Update APP data based on sync source |
||
Y |
Y |
same as LDAP or APP user |
Error Create User Log entry with message Purge current LDAP user |
|
Y |
below user |
Update Move LDAP user to
|
||
Y |
below LDAP user |
Error Create User Log entry with message Purge current LDAP user |
||
Y |
below APP user |
Create Update Update APP data based on sync source Move |
||
Y |
Y |
below LDAP or APP user |
Error Create User Log entry with message Purge current LDAP user |
|
Y |
above user |
Error Create User Log entry with message Purge current LDAP user |
||
Y |
above LDAP user |
Error Create User Log entry with message Purge current LDAP user |
||
Y |
above APP user |
Create Update Update APP data based on sync source |
||
Y |
Y |
above LDAP or APP user |
Error Create User Log entry with message Purge current LDAP user |
|
Y |
Y |
above user or APP user |
Create Update Update APP data based on sync source |
LDAP Update and Delete Sync Scenarios#
The table below details data sync sources and update actions when an LDAP user is added and the default Sync Source precendences apply. The cases are:
if either the user exists or does not exist on LDAP
if either the user exists or does not exist on VOSS Automate or any application that is a sync source
Field sync takes place according to:
the User Field Mapping that applies - see: User Field Mapping.
Important
Sync Source precedence may override user input. If you update a user on VOSS Automate:
that exists on a sync source
has mapped fields
has a higher precedence than LOCAL (VOSS Automate) data
the data of these fields will be updated from the sync source and not the user input added in VOSS Automate. The Admin Portal would typically render these fields read-only.
The detailed scenarios and actions for the operation: deleting an LDAP sync - manually (M) or automatically (A) - are:
Operation |
|
|
|
Action |
User Sync Source |
|---|---|---|---|---|---|
LDAP DELETE SYNC (M) |
Y |
Y |
Update |
LOCAL |
|
LDAP DELETE SYNC (M) |
Y |
||||
LDAP DELETE SYNC (M) |
Y |
Y |
Y |
Update Update APP data based on sync source Convert CUCM user to local user |
LOCAL |
LDAP DELETE SYNC (A) |
Y |
Y |
Delete |
||
LDAP DELETE SYNC (A) |
Y |
||||
LDAP DELETE SYNC (A) |
Y |
Y |
Y |
Delete Delete
|
The detailed scenarios and actions for the operation: updating an LDAP sync (sync source is always LDAP) are:
|
|
|
Action |
|---|---|---|---|
Y |
Y |
Update |
|
Y |
Create |
||
Y |
Y |
Y |
Update Update APP data based on sync source |