Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
devel:documentation:adm:delegation [2020/07/02 11:07]
svandav 		devel:documentation:adm:delegation [2020/10/06 15:30] (current)
svandav [Authorization policies]
Line 10: Line 10:
  
 {{ :devel:documentation:adm:new-delegation.png?600 |}} {{ :devel:documentation:adm:new-delegation.png?600 |}}
 +
 +==== Delegations on the user detail ====
 +
 +A new delegation tab has been added to the user detail. Here the user can create a new delegation and above all he sees an overview of all his delegations and also the delegations that delegate to him.
 +
 +{{ :devel:documentation:adm:use-delegation-tab.png?800 |}}
 +
 +<note important>All types of delegations are displayed here, including manually delegated tasks.</note>
 +
 +<note important>As a **delegator**, a user can select any user to whom he has the **autocomplete right** (he can select it in the selectbox).</note>
 +
 +==== List of delegated tasks ====
 +
 +In the detail of the delegation it is possible to see all tasks that have been delegated within the given delegation. Ie. as a user you have an overview of how many tasks have been delegated and in what state they are now.
 +
 +The state can take the following states:
 +  * **In progress** - The task was delegated and isn't completed yet.
 +  * **Executed** - The task was delegated and completed.
 +  * **Canceled** - The task was delegated and canceled (workflow was deleted).
 +
 +{{ :devel:documentation:adm:delegation-instances.png?800 |}}
 +
  
 ==== Delegation type ==== ==== Delegation type ====
Line 17: Line 39:
 **In the product are by default three delegation types:** **In the product are by default three delegation types:**
   * **Default delegation for all tasks** - It will be used for all tasks for which no other delegation is defined (with a more specific type).   * **Default delegation for all tasks** - It will be used for all tasks for which no other delegation is defined (with a more specific type).
-  * **Tasks approving role assignments by a manager** - This type is used exclusively for tasks that are created as part of a role assignment approval workflow(approve-role-by-manager). This type is unique due to the definition of the delegate not only by the user but also by his contract. Thanks to this, we are able to create delegations for each delegator's contract. This will ensure that the resulting delegate will be selected on the basis of the delegator's contract (where the applicant's contract will be subordinate to the delegator's contract).+  * **Tasks approving role assignments by a manager** - This type is used exclusively for tasks that are created as part of a role assignment approval workflow (**approve-role-by-manager**). This type is unique due to the definition of the delegate not only by the user but also by his contract. Thanks to this, we are able to create delegations for each delegator's contract. This will ensure that the resulting delegate will be selected on the basis of the delegator's contract (where the applicant's contract will be subordinate to the delegator's contract).
   * **Manual task delegation** - It is created automatically on using the delegate operation over the agenda of assigned tasks. **This type cannot be selected manually by user.**   * **Manual task delegation** - It is created automatically on using the delegate operation over the agenda of assigned tasks. **This type cannot be selected manually by user.**
  
 +The relation between a specific type of delegation and a workflow process is realized by modifying the definition of workflow, where it is possible to add code of the type of delegation, according to which we want the tasks of the process to be delegated. If the workflow process does not contain any delegation type or there is no delegation definition for it, then delegations are searched for the default delegation type (**Default delegation for all tasks**).
  
-<note tip>The default delegation type delegates all **approval tasks**.</note> 
  
-==== Delegations on the user detail ====+For example workflow process **approve-role-by-manager** contains this delegation type: 
 +<code xml> 
 +    <dataObject id="delegationType" name="delegationType" itemSubjectRef="xsd:string"> 
 +      <extensionElements> 
 +        <activiti:value>approve-role-by-manager-delegation-type</activiti:value> 
 +      </extensionElements> 
 +    </dataObject> 
 +</code>
  
-A new delegation tab has been added to the user detail. Here the user can create a new delegation and above all he sees an overview of all his delegations and also the delegations that delegate to him. +<note tip>The default delegation type delegates all **approval tasks**.</note>
- +
-{{ :devel:documentation:adm:use-delegation-tab.png?800 |}} +
- +
-<note important>All types of delegations are displayed here, including manually delegated tasks.</note>+
  
 ===== Manual delegation ===== ===== Manual delegation =====
Line 62: Line 87:
 <note important>Tasks can be delegated to any user who can be selected in the select box. In other words, the user can delegate to a user to whom he has the **autocomplete** permission.</note> <note important>Tasks can be delegated to any user who can be selected in the select box. In other words, the user can delegate to a user to whom he has the **autocomplete** permission.</note>
  
-==== Future improvements ====+ 
 +===== Authorization policies ===== 
 + 
 +Default settings of permissions for delegations are defined in the role '**Delegation (delegationRole)**'
 + 
 +<note tip>You can see a detailed configuration of evaluators with comments here: 
 +[[https://github.com/bcvsolutions/CzechIdMng/blob/develop/Realization/backend/core/core-impl/src/main/java/eu/bcvsolutions/idm/core/model/event/processor/module/InitDelegationRoleProcessor.java#L106-L202 
 +|InitDelegationRoleProcessor]]</note> 
 + 
 + 
 +===== Future improvements =====
 <note tip >The manually created delegation definition should be deleted after deleting the last link to the task.</note> <note tip >The manually created delegation definition should be deleted after deleting the last link to the task.</note>
 <note tip >After reassigning the task, also send a notification to the delegator.</note> <note tip >After reassigning the task, also send a notification to the delegator.</note>
  
 +===== Limitations =====
 +
 +<note important>By default (in standard process for **change permissions**), the rule is that if the logged-in user is the implementer of the request (the one who submitted it) and at the same time is one of approvers, then this task is **skipped** (approval is assumed). However, **this rule does not apply in the case of delegation** (ie if the delegate is both the approver and the implementer, the task will be created and assigned).
 +</note>
 +
 +<note important>If one approval task is delegated more than once, or for more approvers, then **only the last delegation's business card** is displayed in the task detail.</note>
 +
 +<note important>**Delegation works only on first level**. So if user **A** delegates to user **B**, and at same time user **B** delegates to user **C**, then it doesn't mean that all tasks from **A** are now delegated to user **C**!</note>
  
 ===== Main guide ===== ===== Main guide =====
   * [[..:delegation|]]   * [[..:delegation|]]
  
  • by svandav