Skip to main content

Example Four: Matching and Target Roles

An application can temporarily add some of its users to a set of roles using matching and target roles. If the user is a member of the matching role when entering the application, the application adds the user to the target roles. When users exit the application, they lose their membership in the target roles.

The following example demonstrates creating a matching role and target role for the /csp/user application.

  1. Open the /csp/user web application definition.

  2. Click the Matching Roles tab. Then do the following:

    1. Select SecurityTutorialRole from the Select a matching role drop down list. Select a role from the Available column on the left of the form, for example, %Developer.

    2. Click the arrow in the middle. This displays the role on the Selected column on the right.

      Red boxes highlighting Matching Roles tab, Select a Matching role drop-down list, Selected setting, and Assign button

    3. Click the Assign button.

  3. The top half of the interface shows SecurityTutorialRole as a matching role and %Developer as the target role.

    %Developer is the Target Role added to Matching Role on the Matching Roles tab

  4. Execute the GET request again, still using the JSmith credentials. You will see that %Developer has been added to the set of roles.

    Body of Postman response with username and roles


If a user is already a member of a target role before entering the application, then the application does not assign the user to any new roles and does not remove the user from any roles.

FeedbackOpens in a new tab