Differences

This shows you the differences between two versions of the page.

--- devel:documentation:roles:dev:universal_requests [2019/02/14 13:44]
kotisovam parts moved to admin guide section
+++ devel:documentation:roles:dev:universal_requests [2021/03/09 11:03]
husniko [Workflow process for roles]
@@ Line 86: / Line 86: @@
 <code>core.wf.approval.role-change.role=superAdminRole</code>
-{{:devel:documentation:roles:dev:wf-request-role.png|}}
+{{:devel:documentation:roles:dev:wf-request-role-with-notify.png|}}
 ==== Workflow process for business roles ====
@@ Line 93: / Line 93: @@
 {{:devel:documentation:roles:dev:wf-request-business.png|}}
+==== Configurable role guarantor type for role change request ====
+{{tag>role request guarantee type}}
+By default a role is approved by any guarantor defined for that role. **If you need to restrict approval to only guarantors with a specific type**, then you can use the configuration item **idm.sec.core.request.idm-role.approval.guarantee-type**, where the value specifies the **type of guarantor**.
+If the value is not defined or item does **not exist**, then **all guarantors are used for approval**, regardless of what type they have defined. The described behavior is the same for guarantors defined by **identity** or **role**.
+<note tip>**By default**, this configuration item (**idm.sec.core.request.idm-role.approval.guarantee-type**) is empty. This means that approval will be run with all guarantors (regardless of their type).</note>
 ===== Limitations =====
 <note warning>Enabling of the request mode is controlled only by **IdmRole** now.</note>
 <note warning>Changes in the request preview are highlighted only on tables. Type of changes are not show on the object **details** or on **EAVs**!</note>