Dynamic Roles

Roles (and permission lists) can be assigned to users dynamically in PeopleSoft using dynamic role rules. The logic used to assign a dynamic role can be in the form of query, PeopleCode or directory (e.g. LDAP) rule.

The application engine program DYNROLE_PUBL assigns dynamic roles by using the logic in the query, PeopleCode or directory rule to obtain a list of operator IDs. The role itself is assigned by the ROLESYNCHEXT_MSG service operation through internal messenging and integration broker.

You can see which dynamic roles are assigned to a user in the user profile page under the roles tab like any other role. You can also open the dynamic role and view dynamic members (users) of that role. Both areas allow you to test and execute the dynamic role rule. The test rule button returns users that will be given the dynamic role, however it does not assign the role. The execute rule actually assigns the dynamic role by running the DYNROLE_PUBL application engine program.

In addition to using a dynamic role to assign security through one or more permission lists, you may also want to use a dynamic role simply as a tag.

For example you might give students a dummy role of Alumni if they have completed a degree at your University. The logic to determine whether they have completed a degree could be in the form of a query or PeopleCode rule. As students are awarded degrees, they are automatically given the dynamic role. If for some reason, a degree is withdrawn, the role will automatically be removed.

PeopleCode could then simply check if a user has the dummy Alumni role and then show or hide appropriate functionality.

It is important to know that dynamic roles are added and removed automatically based on the results of the rule. You only need to write the rule to determine those operators that should get the role. PeopleSoft will add the role to those users that meet the rule criteria and remove it from those users that have the dynamic role but no longer meet the rule criteria. For example a student with an Alumni dynamic role, who has had their degree withdrawn would lose that role dynamically.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License