Differences

This shows you the differences between two versions of the page.

--- devel:documentation:roles:adm:role_assignment [2019/07/29 11:11]
svandav [Notification]
+++ devel:documentation:roles:adm:role_assignment [2020/02/17 20:27] (current)
husniko [Role deletion]
@@ Line 152: / Line 152: @@
 ==== Not executed state ====
 This state is **very similar to the case when the provisioning operation is blocked**. Occures where system is seta to **read only** mode.
+===== Role deletion =====
+Role is allowed to be deleted only if it is not assigned to any identity. This requirement is checked during prevalidation process and user is informed about this. Another provided information pertains to the number of role request concepts from which a reference to the deleted role needs to be removed. This additional information is for user useful because deletion of even single role which was previously assigned to many (assume hundreds) identities may take long time. This warning is currently displayed if number of request concepts to modify exceeds 100 items. Images below are only for illustration and don't take this into account.
+{{ :devel:documentation:roles:adm:delete_role_prevalidation.png?400 |}}
+Results of actions connected with the process of role removal are still possible to see in **Audit** tab. We can see here that role deletion was accompanied with role removal from 4 role request concepts.
+{{ :devel:documentation:roles:adm:delete_role_audit_summary.png?1000 |}}
 ===== Link to request =====
@@ Line 165: / Line 177: @@
 ===== Notification =====
 **These notifications are sent when the application is fully completed.**
+<note>Notifications are controlled by same rules (**configuration properties**) as notifications sending after end of approval process ([[tutorial:adm:role_change_notification_configuration|read more]]).</note>
 <note important>Completion is considered a state where the request has the request set "**Status in IdM**" to "**EXECUTED**" and the "**Status on systems**" is "**EXECUTED**" or **empty** (the status can be empty if the request does not change any role that would assigned a system).</note>
@@ Line 173: / Line 187: @@
-<note tip>The notification includes a ** link ** to the detail of the relevant IdM role change request</note>
+<note tip>The notification includes a ** link ** to the detail of the relevant IdM role change request.</note>
 {{ :devel:documentation:roles:adm:request-system-state-notification.png |}}
+**Name of email templates**:
+  * ``changeIdentityRoleImplementer``
+  * ``changeIdentityRole``
+<note>The same templates (but different topics) are used and sent when the approval process is successfully completed. They contain the same data, the difference is only at the moment of submission (immediately after approval in IdM) and in the column "Problems on systems" is not filled.</note>
+<note warning>**Beware**, these templates have been redesigned in version **9.7.0** and must be **manually updated** in all environments after upgrading to this version.</note>
+**Name of topics**:
+  * ``core:roleRequestRealizedApplicant``
+  * ``core:roleRequestRealizedImplementer``
+<note warning>**Beware**, these topics are **disabled be default**! If you want to use this notification, you have to **enable these topics first**!</note>