====== Modules - Recertification [rec] ======

<- .:modules_crt |  ^ .:start | Documentation ^ .:modules_sms ->

{{tag> recertification role}}

Role recertification module approves assigned user roles **again**.

When user has a lot of assigned roles for a long time, we want to check these assigned roles periodicaly (in a half year interval for security reasons), if some assigned role has to be already removed. Currently valid manual direct assigned roles are checked - only manual roles can be assigned and stay assigend, after user is changed some way (e.g. user contract is exluded, work position was changed).

{{ :devel:documentation:rect.jpg?nolink |}}
<note tip>CzechIdM version >= 9.7.0 is required.</note>
===== Terminology =====

  * Recertification **action** - recertification action (bulk action) creates recertification requests. Action can be executed from user or role table.
  * Recertification **request** - recertification request is created for single user contract or role (by recertification type, see below) an contains items.
  * Recertification **item** - single assigned role, which schould be apporoved in recertification request. Item = assigned user role can be approved (~recertificated) or removed. 

===== Recertification types =====

Recertification type defines, who can approve role recertification request and define request content:

  - **Approve by user contract manager** (''CONTRACT'') - recertification request is created for each user contract included in recerrrtification action. Managers defined by user contract can approve this request.
  - **Approve by role guarantee** (''ROLE'') - recertification request is created for each role included in recerrrtification action. Role guarantees defined by user or by role can approve this request.

<note important>When **no approver** is found for given request, then **recertification is blocked** after creation - apporovers have to be configured properly by the recertification type and then recertification action can be executed again.</note>



===== Future improvements =====

- [[https://redmine.czechidm.com/issues/1760|#1760]]: Move tab from identity detail to roles tab.
- [[https://redmine.czechidm.com/issues/1759|#1759]]: Run recertification action again.

===== Read More =====

==== Admin guide ====
  * [[devel:documentation:modules_rec:adm:security| Security]]
  * [[devel:documentation:modules_rec:adm:configuration| Configuration]]

==== Admin tutorial ====
  * [[tutorial:adm:module_recertification| Module - Recertification]]

==== Devel guide ====
  * [[devel:documentation:modules_rec:dev:filters| Filters]]