Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
devel:documentation:roles:adm:role_assignment [2019/07/22 12:54]
svandav 		devel:documentation:roles:adm:role_assignment [2019/07/23 09:02]
svandav [Failed state]
Line 74: Line 74:
 <note important>It means if a current process task contains a decision with ID '**disapprove**', then it is used. When a disapproval decision is not found, the standard cancellation of process is called.</note> <note important>It means if a current process task contains a decision with ID '**disapprove**', then it is used. When a disapproval decision is not found, the standard cancellation of process is called.</note>
  
-====== The approval process ======+===== The approval process =====
  
 If the request-permission-change-without-approval mode is not used, process "approve-identity-change-permissions" will be started. If the request-permission-change-without-approval mode is not used, process "approve-identity-change-permissions" will be started.
Line 89: Line 89:
   - **Realization of the request** - the realization itself is not carried out by the process, but by the service for managing requests for permission change.   - **Realization of the request** - the realization itself is not carried out by the process, but by the service for managing requests for permission change.
  
-<note important>All permission changes must be made via the role request agenda (RoleRequest). </note>+====== System state ====== 
 + 
 +The role request has a status item that identifies whether the request has already been executed. The **Executed** state in this case means that the request has been approved and the changes have been executed in IdM. **This state only reflects the state in IdM**. 
 + 
 +This status does not cover a situation where some of the assigned roles create an account on a **system**. In this case, it may be important for the user to know the exact time the **account was successfully created**. Alternatively, if there is an error on the system, it is good to know this information in **the role request** itself. 
 + 
 +<note tip>These requirements solve the **system state**. Which represents how the implementation of the request on systems has ended.</note> 
 + 
 +==== Running state ==== 
 + 
 +Some of the provisioning operations is not completed. 
 + 
 +This is typically a situation where the connector (target system) is waiting to process the operation. 
 + 
 +{{ :devel:documentation:roles:adm:request-inprogress.png?800 |}} 
 + 
 +==== Failed state ==== 
 + 
 +Some of the provisioning operations failed. 
 + 
 +This is typically a situation where the connector throw an exception. If you click on the status, you will see information on **which systems have failed**. 
 + 
 +{{ :devel:documentation:roles:adm:request-failed.png?800 |}} 
 + 
 +On the detail of a request that has provisioning errors, the roles that connect the system to which the error occurred are marked with a specific error. 
 + If one role assigns more than one system and an error occurs on both, error for only one system will be displayed. 
 + 
 +If the entire request contains only one provisioning error, the log of that error is displayed on the request detail (**Error log from a systems**). 
 + 
 +{{ :devel:documentation:roles:adm:request-failed-detail.png?800 |}} 
 + 
 +**In the provisioning operations agenda**, all operations that were created under a given request have a link to that request (**key icon**). 
 + 
 +{{ :devel:documentation:roles:adm:provisioning-operation-key.png?800 |}} 
 + 
 + 
 +===== Notification ===== 
 + 
 +{{ :devel:documentation:roles:adm:notification-without-problem.png?600 |}} 
 + 
  • by husniko