Differences
This shows you the differences between two versions of the page.
devel:documentation:modules_extras [2019/11/01 10:10] doischert |
devel:documentation:modules_extras [2024/05/21 19:25] koulaj |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== CzechIdM - extras ====== | ====== CzechIdM - extras ====== | ||
- | CzechIdM - extras contains various features, which are not suited to be in any other module. List of the currently supported features is bellow. | ||
- | Currently supported CzechIdM version : 9.2.2 | + | CzechIdM - extras contains various features, which are not suited to be in any other module. List of the currently supported features is below. |
+ | |||
+ | Currently supported CzechIdM version : 11.0.x | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | ===== Table of compatible versions ===== | ||
+ | |||
+ | ^Extras version | ||
+ | |2.5.0 |idm-core-10.3.3 | ||
+ | |2.6.0 |idm-core-10.4.4 | ||
+ | |2.6.1 | ||
+ | |2.7.0 | ||
===== Developing and releasing ===== | ===== Developing and releasing ===== | ||
- | <note important> | + | |
+ | How to develop a new feature in extras: | ||
+ | |||
+ | - Create a specification page in private section | ||
+ | - Usecases - why we or user need this feature, what problem does it solve? | ||
+ | - Why is it in extras and not in core, or other module? | ||
+ | - Functional specification - how should it work, edge cases | ||
+ | - Ask a module owner, if this feature can be a part of extras and in which version it will be published | ||
+ | - Create ticket | ||
+ | - Implement | ||
+ | - Create merge request to develop | ||
+ | - Get someone from product team, or module | ||
+ | - After successfull review, ask module owner to merge you code | ||
+ | |||
+ | Rules for code review: | ||
+ | |||
+ | * All new features have at least 80 percent test coverage | ||
+ | * All features are documented | ||
+ | * There are no sonar issues in commited code | ||
+ | * Changelog is updated | ||
+ | * Feature is by default turned off (can be enabled either by processor, or configuration property) | ||
+ | |||
+ | <note important> | ||
* When developing, use our standard gitflow: | * When developing, use our standard gitflow: | ||
- | | + | |
- | * Develop on top of the '' | + | * Develop on top of the '' |
- | * Master branch contains tagged releases. | + | * Master branch contains tagged releases. |
- | * The **only** way for code to get into master is by pull request '' | + | * The **only** |
* Release process | * Release process | ||
- | | + | |
- | - Developer creates pull request on GitHub to merge '' | + | - Developer creates pull request on GitHub to merge '' |
- | - Repo admin (or any other authorized user) reviews the pull request, can request changes if necessary. Unresolved TODOs, missing comments, bad codestyle or documentation, | + | - Repo admin (or any other authorized user) reviews the pull request, can request changes if necessary. Unresolved TODOs, missing comments, bad codestyle or documentation, |
- | - If the pull request is OK, repo admin merges it. | + | - If the pull request is OK, repo admin merges it. |
- | - Repo admin creates a new release in GitHub interface, version is set to '' | + | - Repo admin creates a new release in GitHub interface, version is set to '' |
- | - Repo admin pushes release into BCV Nexus. | + | - Repo admin pushes release into BCV Nexus. |
- | - After release, repo admin makes changes on the '' | + | - After release, repo admin makes changes on the '' |
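Review bot: the added "How to develop a new feature in extras" steps contain typos that should be corrected. "After successfull review, ask module owner to merge you code" should read "After successful review, ask the module owner to merge your code", and the review rule "There are no sonar issues in commited code" should read "committed". The review rules require 80 percent test coverage and no sonar issues but do not say who checks them or where; naming the check (reviewer or CI) next to each rule would make the merge request step verifiable.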
===== Virtual system import LRT ===== | ===== Virtual system import LRT ===== | ||
- | Documentation is available here: [[tutorial: | + | |
+ | Documentation is available here: [[:tutorial: | ||
===== Automatic role definitions - Import of data from CSV LRT ===== | ===== Automatic role definitions - Import of data from CSV LRT ===== | ||
- | Documentation is available here: [[tutorial: | + | |
+ | Documentation is available here: [[:tutorial: | ||
+ | |||
+ | ===== Automatic role definitions - Import all rules LRT ===== | ||
+ | |||
+ | Since module version **1.9.0**. Documentation is available here: [[: | ||
===== Assign roles to contract EAV - Import of data from CSV LRT ===== | ===== Assign roles to contract EAV - Import of data from CSV LRT ===== | ||
- | Documentation is available here: [[tutorial: | + | |
+ | Documentation is available here: [[:tutorial: | ||
===== Roles - Import of data from CSV LRT ===== | ===== Roles - Import of data from CSV LRT ===== | ||
- | Documentation is available here: [[tutorial: | + | |
+ | Documentation is available here: [[:tutorial: | ||
===== Automatic roles - adding role by node in structure ===== | ===== Automatic roles - adding role by node in structure ===== | ||
- | Documentation is available here: [[tutorial: | + | |
+ | Documentation is available here: [[:tutorial: | ||
+ | |||
+ | ===== Create automatic roles by tree structure, based on user's roles LRT ===== | ||
+ | |||
+ | Since module version **2.8.0** | ||
===== Status task ===== | ===== Status task ===== | ||
- | Documentation is available here: [[tutorial: | + | |
+ | Documentation is available here: [[:tutorial: | ||
===== SSO authenticate ===== | ===== SSO authenticate ===== | ||
- | Documentation is available here: [[documentation: | + | |
+ | Documentation is available here: [[:documentation: | ||
+ | |||
+ | ===== Role force provisioning to particular system ===== | ||
+ | |||
+ | The tutorial is available here: [[: | ||
===== Guarantees of roles can assign their roles to everybody ===== | ===== Guarantees of roles can assign their roles to everybody ===== | ||
- | This feature enable that if you are guarantee at least for one role then you will see all users and you can assign/ | + | |
- | You can see all user's roles but you can't change the others for which you are not guarantee | + | This feature enable that if you are guarantee at least for one role then you will see all users and you can assign/ |
For correct behavior you need to configure three new evaluators to userRole: | For correct behavior you need to configure three new evaluators to userRole: | ||
+ | |||
* IdentityAccessForRoleGuaranteeEvaluator | * IdentityAccessForRoleGuaranteeEvaluator | ||
* IdentityRoleAccessForRoleGuaranteeEvaluator | * IdentityRoleAccessForRoleGuaranteeEvaluator | ||
* RoleRequestAccessForRoleGuaranteeEvaluator | * RoleRequestAccessForRoleGuaranteeEvaluator | ||
- | Other thing you need to do is to enable service ExtrasIdmConceptRoleRequestService. This service is by default turned off in extras module. | + | Other thing you need to do is to enable service ExtrasIdmConceptRoleRequestService. This service is by default turned off in extras module. Go to your project modul and create new service which will inherit from ExtrasIdmConceptRoleRequestService and add annotation Primary and Service. |
- | Go to your project modul and create new service which will inherit from ExtrasIdmConceptRoleRequestService and add annotation Primary and Service. | + | |
Update IdmConceptRoleRequestDto is allowed everybody that will change only audited fields or systemState field (this is for update state of whole request after retry mechanism or approving virtual request). | Update IdmConceptRoleRequestDto is allowed everybody that will change only audited fields or systemState field (this is for update state of whole request after retry mechanism or approving virtual request). | ||
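Review bot: the merged paragraph on ExtrasIdmConceptRoleRequestService still reads "Go to your project modul" (module) and names the annotations only as "Primary and Service"; writing them in annotation form would make them unambiguous. This section lets a guarantee of a single role see all users, and lets everybody update IdmConceptRoleRequestDto when only audited fields or systemState change, so the text should also state what each of the three evaluators grants, allowing an administrator to confirm that nothing beyond this is exposed.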
===== Report Compare values in IdM with values in system ===== | ===== Report Compare values in IdM with values in system ===== | ||
- | Report will compare value of attributes with connected system. Connected system does not need to be in read only. | + | |
- | More information is available here: [[tutorial: | + | Report will compare value of attributes with connected system. Connected system does not need to be in read only. More information is available here: [[:tutorial: |
===== Notification about the end of identity' | ===== Notification about the end of identity' | ||
- | A notification about the end of identity' | ||
- | More information is available here: [[tutorial: | ||
- | ===== Get titles before and after ===== | + | A notification about the end of identity' |
+ | |||
+ | Edit: full IdmIdentityDto was added for use in a template in 1.7.0 | ||
+ | |||
+ | Edit: Support for technical identities added for use in version 1.9.0 | ||
+ | |||
+ | ===== Notification about the start of identity' | ||
+ | |||
+ | Since version 3.2.3 | ||
+ | |||
+ | A notification about start of identity' | ||
+ | |||
+ | ===== Notification about the change of identity' | ||
+ | |||
+ | Since version 3.4.1 | ||
+ | |||
+ | A notification about a change of identity' | ||
+ | |||
+ | ===== Script split titles before and after ===== | ||
Almost every project receive all titles in one string and IdM allow separates titles before and after. For this case was created in *ExtrasUtils* two methods *getTitlesAfter* and *getTitlesBefore*. And transformation scripts *extrasGetTitlesBefore* and *extrasGetTitlesAfter*, | Almost every project receive all titles in one string and IdM allow separates titles before and after. For this case was created in *ExtrasUtils* two methods *getTitlesAfter* and *getTitlesBefore*. And transformation scripts *extrasGetTitlesBefore* and *extrasGetTitlesAfter*, | ||
- | Dictionary with titles can be setup by configuration properties. Default values exists. | + | Dictionary with titles can be setup by configuration properties. Default values exists |
< | < | ||
- | idm.sec.bee.configuration.titlesAfter="Ph.D.", "Th.D.", "CSc.", "DrSc.", "dr. h. c.","DiS.", "MBA" | + | |
- | idm.sec.bee.configuration.titlesBefore="Bc.", "BcA.", "Ing.", "Ing. arch.", "MUDr.","MVDr.", "MgA.", "Mgr.", "JUDr.", "PhDr.", "RNDr.", "PharmDr.", "ThLic.", "ThDr.", "prof.", "doc.","PaedDr.", "Dr.", "PhMr." | + | idm.sec.extras.configuration.titlesAfter=Ph.D., |
+ | idm.sec.extras.configuration.titlesBefore=Bc., | ||
+ | |||
+ | </ | ||
+ | |||
+ | in version 2.8.0 was added the option to select a separator for source string and for titles before and after values in IdM. | ||
+ | |||
+ | < | ||
+ | idm.sec.extras.configuration.titlesSourceSeparator - a character, that separates titles in the source. Default" | ||
+ | idm.sec.extras.configuration.titlesBeforeSeparator - titles before separator for IdM. Default", " | ||
+ | idm.sec.extras.configuration.titlesAfterSeparator - titles before separator for IdM. Default", " | ||
</ | </ | ||
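Review bot: in the new separator properties, titlesAfterSeparator is described as "titles before separator for IdM", which repeats the titlesBeforeSeparator description on the line above it; it should say "titles after separator". The property prefix also changes from idm.sec.bee.configuration to idm.sec.extras.configuration and the values lose their quotes, but the text does not say from which module version the new names apply or whether the old keys are still read. Add that, so existing configurations are not silently ignored.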
===== Import automatic roles on tree nodes ===== | ===== Import automatic roles on tree nodes ===== | ||
- | You can use this tool to create automatic roles which are assigned based on the position within the organization structure using a CSV file as a source. | + | |
- | More information is available here: [[tutorial: | + | You can use this tool to create automatic roles which are assigned based on the position within the organization structure using a CSV file as a source. More information is available here: [[:tutorial: |
+ | |||
+ | ===== Groups synchronization workflow ===== | ||
+ | |||
+ | Since module version **1.4.0** | ||
+ | |||
+ | Documentation for configuration is available in [[: | ||
+ | |||
+ | Note: the workflow extrasSyncRoleLdap depends on some services implemented in the extras module, so to use this workflow, you must deploy the whole module to CzechIdM. | ||
+ | |||
+ | ===== Workflow to disable contract on MISSING_ACCOUNT ===== | ||
+ | |||
+ | Setting this workflow (extrasDisableMissingContract) as workflow for action in contract reconciliation will disable contract, when its being synchronized. It can be used for example, in situations when contracts are being deleted from source data after expiration and they keep being stuck in MISSING_ACCOUNT state. | ||
+ | |||
+ | Note: When using this workflow, please consider the possibility that the contracts may " | ||
+ | |||
+ | ===== Groups membership in multi domain (cross domain) AD environment ===== | ||
+ | |||
+ | Since module version **1.8.0** | ||
+ | |||
+ | Documentation is available [[: | ||
+ | |||
+ | ===== Evaluator (permissions) for identities that has relationship on defined organization unit ===== | ||
+ | |||
+ | Since module version **1.9.0**. **Available only on LTS version!** | ||
+ | |||
+ | Documentation is available [[.: | ||
+ | |||
+ | ===== Evaluator (permissions) for roles that is inside defined role catalogue ===== | ||
+ | |||
+ | Since module version **1.9.0**. **Available only on LTS version!** | ||
+ | |||
+ | Documentation is available [[.: | ||
+ | |||
+ | ===== Import code list and it's items ===== | ||
+ | |||
+ | Since module version **1.9.0** | ||
+ | |||
+ | Documentation is available [[.: | ||
+ | |||
+ | ===== Synchronize code list items from end system ===== | ||
+ | |||
+ | Since module version **3.2.0** | ||
+ | |||
+ | Documentation is available [[.: | ||
+ | |||
+ | ===== Evaluators (permissions) for Identities and Contracts which are both subordinate and have given projection ===== | ||
+ | |||
+ | Since module version **2.4.0**. | ||
+ | |||
+ | Documentation is available [[.: | ||
+ | |||
+ | ===== Workflows for approval of role assignment ===== | ||
+ | |||
+ | Since module version **2.3.0** | ||
+ | |||
+ | Documentation is available [[: | ||
+ | |||
+ | ===== Script for soft abbreviate strings (extrasAbbreviateString) ===== | ||
+ | |||
+ | Since module version **3.2.0** | ||
+ | |||
+ | Script called **extrasAbbreviateString** | ||
+ | |||
+ | * .addParameter(' | ||
+ | |||
+ | Result examples: | ||
+ | |||
+ | * "Hi how are you" - maximum: 9 - "Hi how" | ||
+ | * "Ing. Mgr. at Mgr. MBA" - maximum: 20 - "Ing. Mgr. at Mgr." | ||
+ | * " | ||
+ | |||
+ | ===== Copying assigned roles from the main contract to a contract valid in the future ===== | ||
+ | |||
+ | This feature allows you to automatically copy roles from the existing main contract to a contract valid in the future. This serves to handle the issue with cases when contract validity is not extended but rather a new contract is created altogether. | ||
+ | |||
+ | Since module version **3.3.0** | ||
+ | |||
+ | Documentation is available [[.: | ||
+ | |||
+ | ===== Deduplication for automatic roles by organization structure ===== | ||
+ | |||
+ | The feature process deduplication existing automatic roles that are assigned onto organization units. | ||
+ | |||
+ | Since module version **3.4.0** | ||
+ | |||
+ | Complete documentation is available [[.: | ||
+ | |||
+ | ===== Check whether a value is unique in a system ===== | ||
+ | |||
+ | This feature enables you to check that a certain value is unique in a system. This is typically useful for generators creating emails or usernames which need to be unique. | ||
+ | |||
+ | Since module version **3.5.0** | ||
+ | |||
+ | Complete documentation is available [[.: | ||
+ | |||
+ | ===== Notify user of account creation ===== | ||
+ | |||
+ | This feature enables users to receive notifications about account creation on a particular system or systems. | ||
+ | |||
+ | Since module version **3.6.0** | ||
+ | |||
+ | Complete documentation is available [[.: | ||
+ | |||
+ | ===== Create automatic role for organization group ===== | ||
+ | |||
+ | This feature creates automatic organization role for group. | ||
+ | |||
+ | Since module version **3.7.0** | ||
+ | |||
+ | Complete documentation is available [[.: | ||
+ | |||
+ | ===== Notification about roles without guarantees ===== | ||
+ | |||
+ | This feature sends notification about roles with expiring/ | ||
+ | |||
+ | Since module version **3.8.0** | ||
+ | |||
+ | Complete documentation is available [[.: | ||
+ | |||
+ | ===== Resize profile photo to defined size ===== | ||
+ | |||
+ | This feature allows you to resize user profile photos to a defined size. | ||
+ | |||
+ | Since module version **3.9.0** | ||
+ | |||
+ | Complete documentation is available [[.: | ||
+ | |||
+ | ===== Evaluator (permissions) for users with given form projection who do not have contract in denied organization ===== | ||
+ | |||
+ | Since module version **4.3.0**. | ||
+ | |||
+ | Documentation is available [[.: | ||
+ | |||
+ | ===== Recalculate identities with roles ===== | ||
+ | |||
+ | Since module version **4.5.0**. | ||
+ | |||
+ | Documentation is available [[.: | ||
+ | |||
+ | ===== Send custom notification to identities ===== | ||
+ | |||
+ | Since module version **4.5.0**. | ||
+ | |||
+ | Documentation is available [[.: | ||
+ | |||
+ | ===== Notify about identity changes caused by synchronization ===== | ||
+ | |||
+ | Since module version **3.11.0** | ||
+ | |||
+ | Documentation is available [[.: | ||
+ | |||
+ | ===== Approval of externs created from Hub ===== | ||
+ | |||
+ | Since module version **4.5.1**. | ||
+ | |||
+ | Documentation is available [[.: | ||
+ | |||
+ | ===== Missing related permissions report ===== | ||
+ | |||
+ | Since module version **4.5.2**. | ||
+ | |||
+ | Documentation is available [[.: |
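Review bot: the added "Workflow to disable contract on MISSING_ACCOUNT" section has no "Since module version" line, unlike the neighbouring sections, and its sentence "will disable contract, when its being synchronized" should read "when it is being synchronized". Because this workflow disables contracts automatically during reconciliation, the version it appeared in should be stated. Two smaller points in the same added block: the heading "Import code list and it's items" should use "its", and the two evaluator sections marked "Available only on LTS version!" do not say which LTS version is meant.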