16.9 Downloading and Importing Technical Roles

You can download technical roles and import them later into an Identity Governance environment. The download will either generate a single JSON file or a zip file depending on the options you select during download, such as associated applications and assigned categories. In addition to downloading the role definitions, you can download the list of roles as a CSV file.

To download or import technical roles:

  1. Log in as a Customer, Global, or Technical Roles Administrator.

  2. Under Catalog, select Roles.

  3. To download a list of technical roles with name, description, and state as a CSV file, select Actions > Download all as CSV on the Roles tab.

  4. To download one or more role definitions:

    1. Select one or more policies from the list, then click Actions > Download Definitions.

    2. Type the role name or a meaningful description.

    3. (Optional) Include references to technical role owners and download associated applications and assigned categories.

    4. Select Download.

  5. Select the download icon on the top title bar to access the saved files and download the files.

  6. (Optional) Delete the downloaded files from the download area in Identity Governance.

    If you do not manually delete files, Identity Governance will automatically delete them based on your default download retention day settings. For information about customizing download settings, see Section 3.9, Customizing Download Settings.

  7. If you make changes, or want to import previously downloaded technical roles into another environment, select Import Technical Roles on the Roles tab.

  8. Navigate to the technical roles JSON or zip file, select the file to import, then click Open.

    Identity Governance detects whether you are importing new or updated roles and whether the updates would create any conflicts or have unresolved references.

    Identity Governance adds an indicator to technical roles that cannot be resolved because a match for a referenced object was not found in the system. Importing before the roles are resolved will result in incomplete roles with some missing permissions. If an indicator appears next to a role in the import view, inspect these roles and ensure that they map properly in the target system.

  9. Select how to continue based on what information is displayed.

    NOTE: After importing roles, you must activate them for Identity Governance to recognize the users that hold the permissions as members of a technical role. For more information, see Section 16.6, Activating Technical Roles.

  10. (Conditional) If you import more than the preconfigured threshold for the number of roles that can be displayed on the import page, Identity Governance will switch to bulk import mode. When in bulk mode, instead of selecting whether to create, update or handle conflicts for specific roles, you can select to import all new roles and update all existing roles. For conflicts, you can choose to either overwrite existing roles or create new roles.

    NOTE: The default value for roles that can be displayed is 200 or the value specified in the com.netiq.iac.importExport.maxImportsToDisplay property.

  11. (Optional) Download the auto-generated import report from the download area. The import report will identify what was imported as well as call out any unresolved references.