Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
devel:documentation:role_attributes [2019/01/14 14:36] svandav |
devel:documentation:role_attributes [2019/04/16 08:07] (current) svandav |
||
---|---|---|---|
Line 2: | Line 2: | ||
====== Attributes of role ====== | ====== Attributes of role ====== | ||
- | {{tag> | + | {{tag> |
- | ===== What are an attributes of role? ===== | + | |
- | Role attributes define what additional information can (must) be filled in the user's assigned role. A typical example can be the IP address of a user's end station, which must be filled in in a role assignment request. | + | |
- | Definitions of which attributes | + | ===== What are role attributes |
+ | **Role attributes determine** what additional information **can (must)** | ||
+ | The **definitions of what attributes** are to be filled for the role are managed on the **role detail** (role attributes tab). Here, you define not only what attributes to show in the request, but also their **default values** and **validation settings**. This definition is part of the **role approval** process (off by default). | ||
- | ===== How it works? ===== | ||
+ | ===== How it works ===== | ||
- | ==== Provisioning of assigned roles ==== | + | ==== Definition ==== |
+ | First, you need to **create the main definition** of all attributes which could be used in role **sub-definition**. The **main form definition** can be created in the **Form definitions** agenda. | ||
+ | < | ||
+ | <note tip> | ||
+ | <note important> | ||
+ | |||
+ | Then, you need to **create sub-definition** of attributes witch should be filled in requesting a role. | ||
+ | Sub-definition can be created on the role detail on the **Role attributes** tab. In sub-definition you can select an attributes only from main definition. So first what you need to do, is select main definition and save it. Then you can create **attribute definition for the role**. | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | **Attribute definition for the role** define: | ||
+ | |||
+ | * **Definition of attribute** from the main definition. | ||
+ | * **Overrides the default value**. Default value from attribute in main definition will be prefilled (only on frontend). | ||
+ | * **Overrides the validation settings**. Validation settings from attribute in main definition will be prefilled (only on frontend). | ||
+ | |||
+ | <note important> | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | ==== Using on the role request ==== | ||
+ | |||
+ | If some requested role **has attributes**, | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | <note important> | ||
+ | |||
+ | **If you add multiple roles** in one request and some from this roles will have **required attribute** (without default value), then will be created concept **not valid**. In this case you will see **warning icon** on the unvalid concept. | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | You can **modified existing attribute value** in assigned role. For this case was created new mode for **highlight** changes on detail of role concept: | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | If a **request** that contains **attribute roles** is submitted, a standard **approving process is executes**. If the role with the attributes is approval, then the detail of the concept role, including the attributes, **is displayed in the detail of the approval user task**. | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Upon successful **completion of the request**, the resulting concept role attributes are **copied** to the **assigned role** (**IdmIdentityRole**). Attributes assigned to roles can be displayed on the **identity detail** (**Roles** -> **detail** -> Tab " | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | ===== Provisioning of assigned roles ===== | ||
+ | For the purpose of provisioning assigned roles, new attributes (**User assigned roles** and **User assigned roles (for this system)**) were created, which can be used in system mapping for provisioning identities. | ||
+ | Input of the transformation into the system is a list of valid assigned identity roles. This assignment is represented by the ** AssignedRoleDto ** object, which mirrors the object ** IdmIdentityRoleDto ** and tries to simplify the work with assigned roles in the transform. This simplification is primarily based on the fact that the object contains the entire DTO (role, identityContract, | ||
+ | |||
+ | <note tip> | ||
+ | |||
+ | < | ||
+ | < | ||
=== Example script for print assgined roles to the string: === | === Example script for print assgined roles to the string: === | ||
Line 37: | Line 89: | ||
</ | </ | ||
- | ====== Read more ====== | ||
- | |||
- | ===== Devel guide ===== | ||
- | ===== Limitations | + | ===== Admin guide (to be completed)===== |
- | <note warning> | + | * [[.attributes: |
- | <note warning> | + |