Differences

This shows you the differences between two versions of the page.

--- devel:documentation:roles [2019/03/19 08:05]
kotisovam [Admin tutorials]
+++ devel:documentation:roles [2019/03/20 08:16]
kotisovam [Role-differentiating icons] moved to admin guide
@@ Line 12: / Line 12: @@
 From the perspective of the identity manager, it does not matter whether the user acquires an account in a specific application, is placed in a group in LDAP, his indication is set to “can use VPN”, or a permission is set for him in the application. In all the cases, a role is assigned. A simplification carried out like this allows general rules to be applied for assigning all types of permissions (~roles) in the same way.
-====== Role-differentiating icons ======
-...to be completed
 ===== Roles and contracts =====
@@ Line 118: / Line 116: @@
 ===== Deduplicating roles =====
-...to be completed.
+Since roles are assigned to a contract not to an identity, it may well happen that an identity ends up having some role duplicities. Partly, it may be due to the fact that role definitions are changed over time, and from a certain point on they start to be assigned in a different way (say, automatically). And one and the same identity may meet the updated condition as well, hence it gets the same role all over again.
+Deduplication is a bulk action that is available on User agenda. Deduplication allows removing only manually added roles that are duplicite with another automatic role or another manually added role. More on this feature in the admin guide and tutorial.
 ====== Read more ======
@@ Line 145: / Line 145: @@
   * [[.identities:dev:contractual-relationship#automatically_assigned_roles|Automatic roles by organization structure: heredity of roles]]
   * [[.roles:dev:automatic-roles-by-attribute|Automatic roles by attribute, rules, and recalculation]]
-  * [[.roles:dev:duplicate-role]]
+  * [[.roles:dev:duplicate-role| Cloning roles]]