Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
devel:documentation:roles [2019/03/15 12:24]
tomiskar 		devel:documentation:roles [2019/03/18 09:02]
kotisovam [Read more] adding "to be completed" (deduplication)
Line 12: Line 12:
 From the perspective of the identity manager, it does not matter whether the user acquires an account in a specific application, is placed in a group in LDAP, his indication is set to “can use VPN”, or a permission is set for him in the application. In all the cases, a role is assigned. A simplification carried out like this allows general rules to be applied for assigning all types of permissions (~roles) in the same way. From the perspective of the identity manager, it does not matter whether the user acquires an account in a specific application, is placed in a group in LDAP, his indication is set to “can use VPN”, or a permission is set for him in the application. In all the cases, a role is assigned. A simplification carried out like this allows general rules to be applied for assigning all types of permissions (~roles) in the same way.
  
 +====== Role-differentiating icons ======
 +
 +...to be completed
 ===== Roles and contracts ===== ===== Roles and contracts =====
  
Line 64: Line 67:
  
  
 +===== Copying roles from a user =====
 +
 +Copying roles from user to user is new feature that allow easy share/copy roles/permission from user to user. For example admin has request from users: give me roles like has my colleague. For this purpose was create this function.
 +
 +This feature available on role request detail as new button see the picture:
 +
 +{{ :devel:documentation:add_role.png |}}
 +
 +
 +For more information about the feature with better describe please visit this [[devel:documentation:roles:dev:copying_role_by_user|admin wiki page]].
 ===== Automatically assigned roles by organization structure ===== ===== Automatically assigned roles by organization structure =====
 The role can be linked to a Tree structure (e.g. position in organizational structure). That role is assigned to and removed from a user based on adding/removing the user (via their contract or other contract position) to/from the organizational tree structure. If a contract is not valid yet, roles are assigned but are disabled until the contract starts. The role can be linked to a Tree structure (e.g. position in organizational structure). That role is assigned to and removed from a user based on adding/removing the user (via their contract or other contract position) to/from the organizational tree structure. If a contract is not valid yet, roles are assigned but are disabled until the contract starts.
Line 86: Line 99:
 <note>Some processes used to approve role assignments to a user may not support approving changes to automatic roles (for example, approval by the supervisor). In this case, the default process is used (**approval with role guarantee**).</note> <note>Some processes used to approve role assignments to a user may not support approving changes to automatic roles (for example, approval by the supervisor). In this case, the default process is used (**approval with role guarantee**).</note>
  
-===== Duplicate role =====+===== Duplicating roles =====
  
-Role can be duplicated by prepared bulk action. Bulk action is available after roles to be duplicated are selected in the roles table.+Role can be duplicated by prepared bulk action. Bulk action is available on the roles table.
  
 {{ :devel:documentation:screenshot_from_2019-03-15_13-11-55.png?600 |}} {{ :devel:documentation:screenshot_from_2019-03-15_13-11-55.png?600 |}}
  
-Action provide features: +Action provides features: 
-  * **Select environment** - role will be duplicated to selected environment with the role's base code preserved. If the same as role's environment is selected or environment input is leaved empty, the role is duplicated on the same environment with suffix added into role's base code, e.g. **roleOne** => **roleOne_1**.+  * **Select environment** - role will be duplicated to selected environment. If the same as role's environment is selected or environment input is leaved empty, the role is duplicated on the same environment with suffix added into role's base code, e.g. **roleOne** => **roleOne_1**. If the different environment is selected, then duplicate with the same base code is created (or updated).
   * **Duplicate role attributes** - creates (or updates) configured role attributes.   * **Duplicate role attributes** - creates (or updates) configured role attributes.
-  * **Duplicate sub roles** - creates (or updates) sub roles by business role definition (recursively). +  * **Duplicate sub roles** - creates (or updates) sub roles by business role definition (recursively). If the same environment is selected, the only role composition is created - exists sub role is used. If the different environment (~target environment) is used, then sub roles with the same environment as original are duplicated recursively into target environment
-  * **Duplicate automatic roles** - creates (or updates) configured automatic roles.+  * **Duplicate automatic roles** - creates (or updates) configured automatic roles. Both automatic roles by the tree structure and by the attribute are duplicated.
  
 <note tip>When the role with the same base code already exist on the selected environment (environment has to be different), then new duplicate is not created, but the exists duplicate is updated.</note> <note tip>When the role with the same base code already exist on the selected environment (environment has to be different), then new duplicate is not created, but the exists duplicate is updated.</note>
Line 102: Line 115:
 Read [[.roles:dev:duplicate-role|more]] about action implementation and how it's possible to extend it. Read [[.roles:dev:duplicate-role|more]] about action implementation and how it's possible to extend it.
  
 +===== Deduplicating roles =====
 +
 +...to be completed.
  
 ====== Read more ====== ====== Read more ======
  • by doischert