Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | Next revision Both sides next revision | ||
devel:documentation:identities [2019/06/25 08:48] tomiskar [Identity state] |
devel:documentation:identities [2019/08/14 12:20] doischert |
||
---|---|---|---|
Line 5: | Line 5: | ||
{{ : | {{ : | ||
- | The representation of a user in CzechIdM system is an entity called **identity**. Put simply, an identity can be described as a user registered in CzechIdM with all his attributes e.g. first name, surname, phone number, etc. The identity representation is rather complex discipline. To be able to handle automatic identity lifecycle processes CzechIdM | + | The representation of a user in CzechIdM system is an entity called **identity**. Put simply, an identity can be described as a user registered in CzechIdM with all his or her attributes e.g. first name, surname, phone number, etc. The identity representation is a rather complex discipline. To be able to handle automatic identity lifecycle processes, CzechIdM |
{{ : | {{ : | ||
Line 11: | Line 11: | ||
===== Contracts ===== | ===== Contracts ===== | ||
- | The relation of identities in CzechIdM | + | The relation of identities in CzechIdM |
* **job contract** for work – employees | * **job contract** for work – employees | ||
* **study** – pupils/ | * **study** – pupils/ | ||
* **contract/ | * **contract/ | ||
* etc. | * etc. | ||
- | A user can have many contracts. A contract is in relation with other objects in CzechIdM: | + | A user can have multiple |
* **Identity** – described above | * **Identity** – described above | ||
* **Tree structure** – a contract can be added to a tree (organizational) structure, which effectively allows integrating the user into a hierarchical division in an organization. | * **Tree structure** – a contract can be added to a tree (organizational) structure, which effectively allows integrating the user into a hierarchical division in an organization. | ||
- | * **Roles** – roles in CzechIdM are assigned to contracts, i.e. a user gets roles through their contracts. Due to this, all manually created identities can (application option) | + | * **Roles** – roles in CzechIdM are assigned to contracts, i.e. a user gets roles through their contracts. Due to this, all manually created identities can have one automatically prepared contract called **Default**. |
<note important> | <note important> | ||
Line 25: | Line 25: | ||
===== Identity state ===== | ===== Identity state ===== | ||
- | Identity life cycle is controlled by state. State is changed automatically by system - when identity is created, contract to identity is added or removed etc. | + | Identity life cycle is controlled by identity' |
Identity states: | Identity states: | ||
- | * **created** - identity is enabled. State is assigned to newly created identity. | + | * **created** - identity is enabled. State is assigned to a newly created identity. |
* **no contract** - identity is disabled. Identity doesn' | * **no contract** - identity is disabled. Identity doesn' | ||
* **future contract** - identity is disabled. Identity has valid contract in the future, but not now. | * **future contract** - identity is disabled. Identity has valid contract in the future, but not now. | ||
- | * **valid** - identity is enabled. Identity has valid contract. | + | * **valid** - identity is enabled. Identity has a valid contract. |
* **left** - identity is disabled. Identity has invalid contracts only. | * **left** - identity is disabled. Identity has invalid contracts only. | ||
- | * **excluded** (~disabled) - identity is exclued | + | * **excluded** (~disabled) - identity is excluded |
- | * **disabled manually** - identity is disabled manually, e.g. by administrator / synchronization. Manually disabled identity can be enabled | + | * **disabled manually** - identity is disabled manually, e.g. by administrator / synchronization. Manually disabled identity can be enabled again only manually |
- | When identity | + | When an identity |
===== Password ===== | ===== Password ===== | ||
- | In CzechIdM | + | In CzechIdM, user password |
Line 46: | Line 46: | ||
{{tag> | {{tag> | ||
- | On many projects, we encounter a source of data about users, employees or org. structures that work with so-called time slices. | + | On many projects, we encounter a source of data about users, employees or org. structures that use so-called time slices. |
- | **The basic idea** is that time slices are stored in a self-contained agenda. This agenda only contains time slices for identity contracts. If a given slice is currently valid, its values will be **copied into the linked identity contract**. **Every day** a scheduled task is performed, which calculates | + | **The basic idea** is that time slices are stored in a self-contained agenda. This agenda only contains time slices for identity contracts. If a given slice is currently valid, its values will be **copied into the linked identity contract**. **Every day**, a scheduled task is performed, which calculates |
- | <note important> | + | <note important> |
- | **More information** about contract time slices | + | **More information** about contract time slices can be found in the developer |
- | ==== Protection of the contract | + | ==== Protection of the validity |
{{tag> | {{tag> | ||
- | Sometimes there may be a situation where one of the time slices **ends** the contract, and at the same time there is a next time slice that **restarts** this contract. If there is no gap between termination and restart, then the contract will not terminate | + | Sometimes there may be a situation where one of the time slices **ends** the contract, and at the same time there is a next time slice that **restarts** this contract. If there is no gap between termination and restart, then the contract will not be terminated |
- | However, in some situations (projects), it is required to use the **protection period** for which the contract will **not be terminated**, | + | However, in some situations (projects), it is required to use the **protection period** for which the contract will **not be terminated**, |
- | **More information** about this protection | + | **More information** about this protection can be found in the developer |
====== Read more ====== | ====== Read more ====== | ||