Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
devel:documentation:roles:adm:copying-deduplicating-roles [2019/03/19 08:02]
kotisovam language and formatting edit 		— (current)
Line 1: Line 1:
-====== Copying and deduplicating assigned roles ====== 
- 
-In this section, we describe in more detail what it entails to copy assigned roles, and to deduplicate assigned roles. 
- 
-<note> TO BE COMPLETED </note> 
- 
-==== Copying assigned roles from one user to another ==== 
-==== Cloning roles (e.g. to be used in a different environment) ==== 
- 
-===== Deduplicating roles (through an identity role bulk action) ===== 
- 
-Deduplication is a bulk action that is available **on User agenda**. Deduplication allows removing **only manually added roles** that are duplicite with another automatic role or **another manually** added role. 
- 
-{{ :devel:documentation:roles:adm:bulk_action.png |}} 
- 
-<note important>Deduplication removes only manually added roles. Roles that were assigned by automatic roles will never be removed.</note> 
- 
-The deduplication process can be overridden by each project, for specific project equals between roles see [[devel:documentation:roles:dev:identity-role-deduplication|]] 
- 
-Bulk action deduplication has several options that change the manner of checking whether two roles are duplicite. All options that are available: 
- 
-  * Approve - remove roles will process trough workflow process, 
-  * check role attributes - the equals process will checked role attributes and their values. 
- 
-{{ :devel:documentation:roles:adm:role_deduplication.png |}} 
- 
-==== Logic behind role removal ==== 
- 
-Keep in mind that a bulk action doesn't remove roles assigned by the system. For example, automatic or business roles. Removed will be only manually added roles (**always**). In product behavior that solve duplicity (this behavior can be overridden by project, see [[devel:documentation:roles:dev:identity-role-deduplication|]]). Compared identity roles must pass these rules: 
-* must assign the same role, 
-* must be on the same identity contract, 
-* must be automatic and manually, or manually and manually, 
-* one of roles must be in validity range the second one (please see section with validity comparison), 
-* must have same role parameters expecting same values. 
- 
-==== Comparing validity of two roles ==== 
-<note important>Please pay attention to this section.</note> 
- 
-We resolve duplicity of two assigned roles by their validity or contract's validity. For a better overview there are some examples with a commentary: 
- 
-=== Examples === 
- 
-In the case two roles are assigned manually and ''role A'' has infinity validity, ''B role'' is removed. 
-<code> 
-            B 
-     |---------| 
-  <----|----------------> 
- ______|_________|____________ 
-             | 
-            now 
-</code> 
----- 
- 
----- 
-When two roles had been assigned manually and both roles have infinite validity, **the role that is more recently** assigned than the other one is removed. 
-<code> 
-            B 
-     <---------> 
-  <--------------------> 
- ___________________________ 
-             | 
-            now 
- 
-</code> 
----- 
- 
- 
-In the following case, two roles had been assigned manually and ''role B'' is within the validity range of ''role A''. ''Role B'' is removed. 
-<code> 
-    B 
-          |-------------| 
-       |-------------------------| 
- ______|____|_____________|______|_____ 
-                   | 
-                  now 
-</code> 
----- 
- 
- 
-When two roles are assigned manually and both have the same validity, **the role that is most recently** assigned is removed. 
-<code> 
- B 
-          |-------------| 
-        A |-------------| 
- _________|_____________|_______ 
-                 | 
-                now 
-</code> 
----- 
- 
- 
-When two roles are assigned manually and **contracts have infinite validity**, no role is removed. 
-<code> 
- 
-        B 
-            A             |------| 
-       |----------|            | 
- ______|__________|_______|______|_____ 
-            | 
-           now 
-</code> 
----- 
- 
- 
-Let's consider another case, two roles had been assigned manually and both the contract and the ''role A'' indicate the same validity. The process then removes ''B role''. 
-<code> 
-     B 
-            A         |------| 
-       |----------|        | 
- ______|__________|___|______|_____ 
-    |           | 
-   now contract 
-    valid till 
-</code> 
----- 
- 
-Another scenario, ''role MAN'' had been added manually, and ''role AUTO'' had been assigned automatically. The process removes ''MAN role''. 
-<code> 
-  MAN 
-    AUTO  |--------------| 
-    <-----------------------------> 
-__________|______________|____ 
-                | 
-               now 
-</code> 
----- 
- 
-In this case is ''role MAN'' manually added and ''role AUTO'' is automatically added. The process will remove ''MAN role'', because the validity of the automatic role is the same as that of the contract, and so now the manually added role is invalid. 
-<code> 
-        MAN 
-          AUTO      |-----| 
-      |--------|    |     | 
-______|________|____|_____|__ 
-            | 
-           now 
-</code> 
----- 
- 
-In this case, ''role MAN'' had been added manually, while ''role AUTO'' automatically. Both roles feature filled validities, with the "valid till" value being little bit longer for ''role MAN'' than for ''role AUTO''. The process removes ''MAN role''. 
- 
-<code> 
-  MAN 
-         |--------------| 
-    AUTO |-------------------| 
-_________|______________|____|___ 
-                  | 
-                 now 
-</code> 
----- 
- 
-In this case, ''role MAN'' had been added manually, while ''role AUTO'' automatically. Both roles have validity entries, and the valid-from value for ''role MAN'' is a little bit longer than that of ''role AUTO''. The process removes ''MAN role''. 
- 
-<code> 
-  MAN 
-      |-----------------------| 
-      |        |--------------| AUTO 
-______|________|______________|_______ 
-                       | 
-                      now 
-  
-</code> 
----- 
- 
-In this case, ''role MAN'' had been assigned manually, and ''role AUTO'' had been added automatically. Both roles are going to be valid in the future. No role will be removed.  
-<code> 
-           MAN 
-     <---------------------------> 
-           |-----| AUTO 
-___________|_____|_____________ 
-       | 
-      now 
-</code> 
----- 
- 
-In this case ''role MAN'' had been manually added, and ''role AUTO'' had been automatically added. ''Role MAN'' has infinite validity, and the process removes ''MAN role'', since ''AUTO role'' has the same validity as the contract. 
-<code> 
-           MAN 
-     <---------------------------> 
-           |-----| AUTO 
-___________|_____|_____________ 
-              | 
-             now 
- 
-</code> 
----- 
  
  • by kotisovam