Automatic Role Assignments of Employees

Good afternoon

I was wondering how one would go about setting up automatic role assignments based on the position (extracted from HCM) of the person. As quoted from the 7.1 features guide document in the following link [New Features of SAP NetWeaver Identity Management 7.1 - Details (RKT Teaser)] on page 51 it says that

IDM 7.1 will be able to

Automatically determine the business role of an employee, e.g. based on organizational assignment (job/position). Approve / verify this assignment via workflow.

One way that is obvious is using dynamic groups to determine which users belong to a certain role based on their position attribute and have this dynamic group autoassigned to the relevant role. This means that for every position you will have to set up a dynamic group, and have it autoassigned to the relevant business role, sounds tedious :(.

The other way would be to add an event task to the position attribute, so when the position value changes it triggers a task to remove the old business role and add the new one, how it knows which role to add would probably be based on the position name, given that the business roles are set up to have the same name as the position name in hcm.

Am I on the right track? What other ways can you achieve automated role assignments?

Thanks and regards

Leo