Differences

This shows you the differences between two versions of the page.

devel:documentation:roles:dev:universal_requests [2019/02/14 13:44]
kotisovam parts moved to admin guide section
devel:documentation:roles:dev:universal_requests [2021/03/09 11:12] (current)
husniko [Workflow process for roles]
Line 82: Line 82:
  
 ==== Workflow process for roles ==== ==== Workflow process for roles ====
-The basic approval process where changes on the role are approved by the guarantors of the role in request. If there are no guarantors or a new role, then those who have the role defined in the variable '**core.wf.approval.role-change.role**' are the approvers. If this variable does not have any role, '**superAdminRole**' is returned.+The basic approval process where changes on the role are approved by the guarantors of the role in request. If there are no guarantors or a new role, then those who have the role defined in the variable '**core.wf.approval.role-change.role**' are the approvers. If this variable does not have any role, '**superAdminRole**' is returned. The result of the approval process is sent to the applicant for changes via email notification. Sending of these notifications can be disabled by setting the corresponding notification topic to inactive state. Topic ''core:approveRoleDefinitionChange'' for approved requests and ''core:disapproveRoleDefinitionChange'' for disapproved ones.
  
 <code>core.wf.approval.role-change.role=superAdminRole</code> <code>core.wf.approval.role-change.role=superAdminRole</code>
  
-{{:devel:documentation:roles:dev:wf-request-role.png|}}+{{:devel:documentation:roles:dev:wf-request-role-with-notify.png|}}
  
 ==== Workflow process for business roles ==== ==== Workflow process for business roles ====
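Review bot: The last added sentence in the "Workflow process for roles" paragraph is a fragment ("Topic ''core:approveRoleDefinitionChange'' for approved requests and ''core:disapproveRoleDefinitionChange'' for disapproved ones."), and the text does not say how the applicant learns the result once a topic is set to inactive. Suggest wording it as a full sentence, for example "Use topic ''core:approveRoleDefinitionChange'' for approved requests and ''core:disapproveRoleDefinitionChange'' for disapproved ones", and adding one sentence on where the outcome stays visible when the email is disabled. "Applicant for changes" would read better as "the applicant who requested the change". The unchanged fallback wording "'**superAdminRole**' is returned" sits right before the new text and would be clearer if it stated who then approves, in the same terms as the preceding sentence ("are the approvers").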
Line 93: Line 93:
  
 {{:devel:documentation:roles:dev:wf-request-business.png|}} {{:devel:documentation:roles:dev:wf-request-business.png|}}
 +
 +
 +==== Configurable role guarantor type for role change request ====
 +{{tag>role request guarantee type}}
 +By default a role is approved by any guarantor defined for that role. **If you need to restrict approval to only guarantors with a specific type**, then you can use the configuration item **idm.sec.core.request.idm-role.approval.guarantee-type**, where the value specifies the **type of guarantor**.
 +
 +If the value is not defined or item does **not exist**, then **all guarantors are used for approval**, regardless of what type they have defined. The described behavior is the same for guarantors defined by **identity** or **role**.
 +
 +<note tip>**By default**, this configuration item (**idm.sec.core.request.idm-role.approval.guarantee-type**) is empty. This means that approval will be run with all guarantors (regardless of their type).</note>
 ===== Limitations ===== ===== Limitations =====
 <note warning>Enabling of the request mode is controlled only by **IdmRole** now.</note> <note warning>Enabling of the request mode is controlled only by **IdmRole** now.</note>
 <note warning>Changes in the request preview are highlighted only on tables. Type of changes are not show on the object **details** or on **EAVs**!</note> <note warning>Changes in the request preview are highlighted only on tables. Type of changes are not show on the object **details** or on **EAVs**!</note>
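Review bot: The new "Configurable role guarantor type for role change request" section does not say who approves when **idm.sec.core.request.idm-role.approval.guarantee-type** is set but no guarantor of the role has that type. The "Workflow process for roles" paragraph describes a fallback to the role in '**core.wf.approval.role-change.role**' when a role has no guarantors; state whether the same fallback applies after filtering by type, because the section currently covers only the "value is not defined or item does not exist" case. A <code> line showing the property with a sample value, as is done for core.wf.approval.role-change.role, would make the expected format clear. The <note tip> repeats the paragraph before it and could be merged into it, and a blank line between the {{tag>...}} line and the first paragraph would match the rest of the page.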
  
  • by kotisovam