Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
devel:documentation:role_attributes [2019/01/14 12:21] svandav created |
devel:documentation:role_attributes [2019/04/16 08:07] (current) svandav |
||
---|---|---|---|
Line 2: | Line 2: | ||
====== Attributes of role ====== | ====== Attributes of role ====== | ||
- | {{tag> | + | {{tag> |
- | ===== What are an attributes of role? ===== | + | |
- | Role attributes define what additional information can (must) be filled in the user's assigned role. A typical example can be the IP address of a user's end station, which must be filled in in a role assignment request. | + | |
- | Definitions of which attributes | + | ===== What are role attributes |
+ | **Role attributes determine** what additional information **can (must)** | ||
+ | The **definitions of what attributes** are to be filled for the role are managed on the **role detail** (role attributes tab). Here, you define not only what attributes to show in the request, but also their **default values** and **validation settings**. This definition is part of the **role approval** process (off by default). | ||
- | ===== How it works? ===== | ||
+ | ===== How it works ===== | ||
- | ==== Creation of the request' | + | ==== Definition |
+ | First, you need to **create the main definition** of all attributes which could be used in role **sub-definition**. The **main form definition** can be created in the **Form definitions** agenda. | ||
+ | < | ||
+ | <note tip> | ||
+ | <note important> | ||
+ | Then, you need to **create sub-definition** of attributes witch should be filled in requesting a role. | ||
+ | Sub-definition can be created on the role detail on the **Role attributes** tab. In sub-definition you can select an attributes only from main definition. So first what you need to do, is select main definition and save it. Then you can create **attribute definition for the role**. | ||
- | ====== Read more ====== | + | {{ : |
- | ===== Devel guide ===== | + | **Attribute definition for the role** define: |
- | ===== Limitations ===== | + | * **Definition of attribute** from the main definition. |
- | < | + | * **Overrides the default value**. Default value from attribute in main definition will be prefilled (only on frontend). |
- | < | + | * **Overrides the validation settings**. Validation settings from attribute in main definition will be prefilled (only on frontend). |
+ | |||
+ | <note important> | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | ==== Using on the role request | ||
+ | |||
+ | If some requested role **has attributes**, | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | < | ||
+ | |||
+ | **If you add multiple roles** in one request and some from this roles will have **required attribute** (without default value), then will be created concept **not valid**. In this case you will see **warning | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | You can **modified existing attribute value** | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | If a **request** that contains **attribute roles** is submitted, a standard **approving process is executes**. If the role with the attributes is approval, then the detail of the concept role, including the attributes, **is displayed in the detail of the approval user task**. | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Upon successful **completion | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | ===== Provisioning of assigned roles ===== | ||
+ | For the purpose of provisioning assigned roles, new attributes (**User assigned roles** and **User assigned roles (for this system)**) were created, which can be used in system mapping for provisioning identities. | ||
+ | Input of the transformation into the system is a list of valid assigned identity roles. This assignment is represented by the ** AssignedRoleDto ** object, which mirrors | ||
+ | |||
+ | <note tip> | ||
+ | |||
+ | < | ||
+ | < | ||
+ | |||
+ | === Example script for print assgined roles to the string: === | ||
+ | <code java> | ||
+ | import eu.bcvsolutions.idm.acc.domain.AssignedRoleDto; | ||
+ | import eu.bcvsolutions.idm.core.api.dto.IdmRoleDto; | ||
+ | |||
+ | if (attributeValue) { | ||
+ | String result = ""; | ||
+ | for(AssignedRoleDto dto : attributeValue){ | ||
+ | result = result + "Role: [" + dto.getRole().getCode() + "] Attributes: [" + dto.getAttributes().toString() + " | ||
+ | |||
+ | } | ||
+ | return result; | ||
+ | } | ||
+ | return ""; | ||
+ | </ | ||
+ | |||
+ | == Output of this script: == | ||
+ | <code java> | ||
+ | Role: [Helpdesk] Attributes: [[:]] | ||
+ | Role: [RoleWithOneAttribute] Attributes: [[IP: | ||
+ | Role: [RoleWithTwoAttributes] Attributes: [[Number of fingers: | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== Admin guide (to be completed)===== | ||
+ | * [[.attributes: |