← .:modules_comp | .:start | Documentation ^ .:caching | →
The module for managing property and licences (prp module) is a tool for creating sets of property or licences and assigning them to individual users. Since CzechIdM already has data about users and often manages the systems for which you purchase licences, it is a great idea to use it to manage your licences and property as well.
Imagine you have a system managed from CzechIdM which has a limited number of licences available. Each licence cost you money. It would be great if you only paid for the licences you need…
Let's say that you manage Microsoft Office 365 licences simply by adding users as members of a group in MS AD. You have 30 licences for 'Microsoft Office 365 Enterprise E1' but if you use them all, provisioning will fail for the next user. But with this module, this is not an issue. The role assigning this licence will not be added to the user until a licence is available. Also, the set guarantors are notified that more licences are needed.
With this module, you can see how many licences you have in total and how many are available. Perhaps you pay for more licences than you really use. Or maybe you are hiring and you know you will need five more licences so you can purchase them in advance.
Since the module is using data from the HR system, once a user leaves the company, their licence is made available for the next user. This all happens without any action on your side.
Let's say that in your company every developer is given a more powerful laptop than regular employees usually get. With our module, this assignment can be automated thanks to automatic roles. If the user is on a position "Developer" or in some defined treenode, the module can automatically ensure that he will get the more powerful laptop.
Sets of laptops can be configured so that the set owner decides which laptop each developer will receive and record it's S/N.
Using EAV attributes, you can add any number of data about the computer - its manufacturer, OS, the date it was purchased, or its price. And just like with licences, you know how many laptops are available at any time.
There are two main objects to consider: a set (of properties or licences), and a property (or a licence). Most of the behaviour is defined within sets. Each property must belong to a set.
A set is a collection of property or licences. For each set it can be configured whether all items in set are equal/indistinguishable (like in licence pool where only used licence count is important) or unique/distinguishable (like set of laptops where every user is responsible for the one received so there must be agenda of who got what). The behavior and property of items are defined in the set.
An example of a set can be for example 'Microsoft Office 365 Enterprise E1 licence' or 'Laptops for developers'. Each property must be saved within a set.
An ideal set should be:
There are three configuration flags:
Property or licence in a set is assigned to users thanks to role assignment. When the user is assigned the role, they also receive the item from the set. This allow users to use more advanced features such as automatic roles, approval or business roles.
Start by creating the role itself. Set role can be easily created in set detail, see here .
Each role can only be used for one set, i. e., one role cannot assign items from two sets. If this is necessary, use business roles instead.
Since version 1.1.0, if the role is assigned to users before a set role is created, the relevant property will be assigned to users if enough items is available. If not, set role cannot be created and either the role needs to be removed from users or more items need to be added to the set.
Since version 1.2.0, you can choose in set settings whether first available property is assigned with role (unchecked "Select property to assign") or request is created for set guarantees to choose property to be assigned (checked "Select property to assign). Moreover you can choose whether just one property is assigned even by assigning multiple different roles to user (unchecked "Multiple items per user") or each different role assigns its own property (checked "Multiple items per user").
Each set can have its own owners (guarantors), whose responsibility it is to ensure the condition of their sets. See more details here.
When the items in a set are running out, a notification can be sent to guarantors. This is ensured by the task 'Send notification to set guarantors when items in sets are running out'. By default, it is configured to run daily and notify guarantors when fewer than 3 items in the set are remaining. This setting can be globally changed in the Task scheduler.
When no items are available in a set and a user is assigned a set role, a notification is sent to the guarantors to fix the situation because in those cases, the role is not added to the user. See more details here.
You can create a report of all sets and get a nice overview of each set including information about guarantors, roles and the amount of property. See more details here.
You can use a task to import sets. This is useful if you have a large number of sets. See more details here.
Property is an object assigned to users (licence is also a property). A property always must be located in a set. Once the property is created, its set cannot change. Property has some existing attributes (description, serial number), or you can easily create your own using EAV attributes.
Property can also be disabled. If a user is assigned the property already, nothing happens. But if the property is not assigned, it will not be assigned again until it is enabled.
There are two ways of creating new a property or licence: individually, or in bulk.
When creating an item individually, you can fill all the data relevant to the property or licence using the standard menu:
When creating items in bulk, you only specify how many items are to be created. Their code and names are then generated based on the code of the set:
Property is assigned to users simply by assigning a role which is configured in set detail. After the role assignment is approved, in case "Select property to assign" is unchecked, the property is assigned to the user (if available), in case "Select property to assign" is checked, request is created for set guarantees to choose property to be assigned.
In case "Select property to assign" is unchecked, if no property is available in the set, the role is not assigned and set guarantors are notified. If the relevant role is assigned to the user thanks to a business role, then the entire business role will not be assigned. Once property becomes available (either new property is added, or existing property is unassigned from a user), both the role and the property are assigned.
In case "Multiple items per user" is unchecked, a user can only be assigned one item in a set. If they are assigned another set role for the same set, they will not receive another property. In case "Multiple items per user" is checked, every set role for the same set assignes different item from the set.
Since version 1.2.0, an item assigned to a user can be swapped for a different one. It can be performed by action button "Swap item" from table of items:
or from detail page of the assigned item:
These buttons will pop up modal dialog with prefilled readonly currently assigned item and select box for new item to be assigned instead (you can choose from all unassigned enabled items from the same set):
In case item has serial number filled, you can see it there as part of item name.
Property itself does not cause provisioning. Use standard role configuration to ensure provisioning. You can also prevent provisioning if no item in a set is available. This is thanks to the fact that in such cases the role is not assigned to the user.
Each set can have its own attributes to which you can create values for individual property. This allows you to have a different set of attributes for cars, mobile phones, or licences. See this GIF to learn how to add new attribute to items in a set.
You can create a report of all property and get a nice overview of property in sets including information about assignment to users. See more details here.
You can use a task to import property. This is useful if you have a large number of property. See more details here.
See more details here.
Version | Features | CzechIdm version | Released |
---|---|---|---|
1.0.0 | First release | 10.8.3 | 21. 05. 2021 |
1.0.1 | Bug fixes (https://redmine.czechidm.com/versions/265) | 10.8.3 | 07. 09. 2021 |
1.0.2 | Bug fixes (https://redmine.czechidm.com/versions/272) | 10.8.3 | 19. 10. 2021 |