Both sides previous revision
Previous revision
Next revision
|
Previous revision
Next revision
Both sides next revision
|
devel:documentation:roles [2019/03/15 12:48] tomiskar [Duplicate role] |
devel:documentation:roles [2019/03/19 07:27] kotisovam [Admin guide] new page in admin guide |
From the perspective of the identity manager, it does not matter whether the user acquires an account in a specific application, is placed in a group in LDAP, his indication is set to “can use VPN”, or a permission is set for him in the application. In all the cases, a role is assigned. A simplification carried out like this allows general rules to be applied for assigning all types of permissions (~roles) in the same way. | From the perspective of the identity manager, it does not matter whether the user acquires an account in a specific application, is placed in a group in LDAP, his indication is set to “can use VPN”, or a permission is set for him in the application. In all the cases, a role is assigned. A simplification carried out like this allows general rules to be applied for assigning all types of permissions (~roles) in the same way. |
| |
| ====== Role-differentiating icons ====== |
| |
| ...to be completed |
===== Roles and contracts ===== | ===== Roles and contracts ===== |
| |
{{ :devel:documentation:incompatible-role-request-confirm.png |}} | {{ :devel:documentation:incompatible-role-request-confirm.png |}} |
| |
| |
| ===== Copying roles from a user ===== |
| |
| Copying roles from a user is a new feature that allows one user to easily copy roles/permissions from another user. You can get the same roles like one of your colleagues has by simply filing a request that admin then approves or declines. For more information please visit [[devel:documentation:roles:adm:copying-assigned-roles|admin guide]]. |
| |
| This feature is available in the role request detail, see the new button in the picture: |
| |
| {{ :devel:documentation:add_role.png |}} |
| |
| |
| For more information about the feature with more detailed description, please see the admin guide. |
| |
===== Automatically assigned roles by organization structure ===== | ===== Automatically assigned roles by organization structure ===== |
<note>Some processes used to approve role assignments to a user may not support approving changes to automatic roles (for example, approval by the supervisor). In this case, the default process is used (**approval with role guarantee**).</note> | <note>Some processes used to approve role assignments to a user may not support approving changes to automatic roles (for example, approval by the supervisor). In this case, the default process is used (**approval with role guarantee**).</note> |
| |
===== Duplicate role ===== | ===== Duplicating roles ===== |
| |
Role can be duplicated by prepared bulk action. Bulk action is available on the roles table. | Role can be duplicated by prepared bulk action. Bulk action is available on the roles table. |
Read [[.roles:dev:duplicate-role|more]] about action implementation and how it's possible to extend it. | Read [[.roles:dev:duplicate-role|more]] about action implementation and how it's possible to extend it. |
| |
| ===== Deduplicating roles ===== |
| |
| ...to be completed. |
| |
====== Read more ====== | ====== Read more ====== |
* [[tutorial:adm:automatic_roles|Creating an automatically assigned role by organization structure]] | * [[tutorial:adm:automatic_roles|Creating an automatically assigned role by organization structure]] |
* [[tutorial:adm:automatic_roles_by_attribute|Creating an automatically assigned role by identity attribute]] | * [[tutorial:adm:automatic_roles_by_attribute|Creating an automatically assigned role by identity attribute]] |
| * [[tutorial:adm:copying|Copying assigned roles from one user to another]] |
| * [[tutorial:adm:deduplicating|Deduplicating roles]] |
| |
===== Admin guide ===== | ===== Admin guide ===== |
| * [[.roles:adm:icons| Icons and description of roles]] |
* [[.roles:adm:authorization_policy|Authorization policies overview]] | * [[.roles:adm:authorization_policy|Authorization policies overview]] |
* [[.roles:adm:authorization|Permissions Setting Mechanism]] | * [[.roles:adm:authorization|Permissions Setting Mechanism]] |
* [[.roles:adm:automatic_roles|Automatic roles overview]] | * [[.roles:adm:automatic_roles|Automatic roles overview]] |
* [[.roles:dev:automatic_role_request]] | * [[.roles:dev:automatic_role_request]] |
| * [[.roles:adm:copying-deduplicating-roles|Copying and deduplicating roles]] |
| * [[.roles:adm:copying-assigned-roles|Copying assigned roles from one user to another]] |
| |
| |
| |
===== Devel guide ===== | ===== Devel guide ===== |