Table of Contents

Module - Recertification

What do you need before you start

Two new agendas were created under main menu Roles→Recertification:

Dashboard

Dashboard with recertification requests was created - it shows unresolved requests, which can be approved by a logged user with appropriate rights. The table of recertification request is the same as below - the default filter shows the currently logged user and only unresolved requests. The dashboard is hidden when no requests are found.

Recertification requests

Request table:

On the recertification request detail there are following tabs:

Recertification actions

Contains requests grouped by recertification action executed by bulk actions.

Identity and role detail

Tab with recertified assigned roles was added to role and identity detail.

READ permission for recertification items is needed. Transitive authorization evaluators (by recertification request and action) were prepared, see the security chapter.

Identity and role table

Bulk action for starting a recertification action is available on identity and role table.

Bulk action modal window

Recertification action name will be filled automatically by selected roles or identities (if more than 15 records is selected, the name will be truncated to prevent long names).
Recertification due date is required and prefilled by configuration.

Notification before recertification ends

Configurable task is standard long running task, configuration is set in task planner. Task search for recertifications with due date near end and send notification.

Configuration

With module, 2 standard script for search recipients are provided:

Hard (force) recertification

For every recertification (since 3.2.0 module version) can be setup boolean flag "Hard recertification". Every recertification will be after the due date checked and all not processed recertification will be processed with new task (RecertificationRemoveRolesTaskExecutor) and role will be removed.

Long running task RecertificationRemoveRolesTaskExecutor isn't planned by default. For hard recertification is required to plan the task at least one per day.

For project that updates from older versions will be for all recertification setup the new hard recertification flag to false = hard recertification disabled.

Long running task RecertificationRemoveRolesTaskExecutor has only one configuration - days after. The paramter days after is for configuration how long after due date by recertification will be roles removed. By default is the parameter zero. This is equivalent to remove roles directly after due date.