Differences

This shows you the differences between two versions of the page.

devel:documentation:roles [2019/03/20 12:31]
poulm page refactoring, sections moved into admin guide
devel:documentation:roles [2019/03/20 12:41]
poulm link to "copy role from user tutorial"
Line 7: Line 7:
 A role in CzechIdM is an entity representing a set (1 or many) of privileges on the end system or in CzechIdM itself [[devel:documentation:roles:adm:authorization|(permission)]]. Users acquire roles: A role in CzechIdM is an entity representing a set (1 or many) of privileges on the end system or in CzechIdM itself [[devel:documentation:roles:adm:authorization|(permission)]]. Users acquire roles:
   * [[devel:documentation:roles:adm:automatic_roles|automatically]] – according to the organizational placement of the identity, or identitie's attributes like adress or company.    * [[devel:documentation:roles:adm:automatic_roles|automatically]] – according to the organizational placement of the identity, or identitie's attributes like adress or company. 
-  * [[devel:documentation:roles:adm:role_assignment|manually]] – through assigning based on the user’s request in the CzechIdM self-service or by a CzechIdM administrator.+  * manually 
 +    * [[devel:documentation:roles:adm:role_assignment| by request]] in the CzechIdM self-service or by a CzechIdM administrator
 +    * [[tutorial:adm:copying| copying]] from an existing user.
  
 Request for the role [[devel:documentation:role_change|can be approved]] by specific user, usually helpdesk, user's manager or IT security.  Request for the role [[devel:documentation:role_change|can be approved]] by specific user, usually helpdesk, user's manager or IT security. 
  
-Roes can be aggregated into **business roles**. Provided role A is a subrole of role B, If role B is assigned (no matter how - automatically or manually) to the user, he acquires also role A.+Roes can be aggregated into [[devel:documentation:roles:adm:business_roles|business roles]]. Provided role A is a subrole of role B, If role B is assigned (no matter how - automatically or manually) to the user, he acquires also role A.
  
 From the perspective of the identity manager, it does not matter whether the user acquires an account in a specific application, is placed in a group in LDAP, his indication is set to “can use VPN”, or permission is set for him in the application. In all the cases, a role is assigned. A simplification carried out like this allows general rules to be applied for assigning all types of permissions (~roles) in the same way. From the perspective of the identity manager, it does not matter whether the user acquires an account in a specific application, is placed in a group in LDAP, his indication is set to “can use VPN”, or permission is set for him in the application. In all the cases, a role is assigned. A simplification carried out like this allows general rules to be applied for assigning all types of permissions (~roles) in the same way.
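Review bot: The added "copying" bullet drops the approval step that the removed "Copying roles from a user" section spelled out ("filing a request that admin then approves or declines"), so the list now reads as if roles can be copied from an existing user without review. Suggest wording the item so the request and approval are explicit, for example "by a request that copies roles from an existing user and is then approved or declined". In the same hunk, the rewritten business-roles line still begins with "Roes" and keeps "If" capitalised mid-sentence, the new link labels carry a leading space ("| by request", "| copying"), and the "by request" item lacks the closing period its sibling has.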
Line 27: Line 29:
   * ''environment'' - environment identifier, e.g. **dev**.   * ''environment'' - environment identifier, e.g. **dev**.
   * ''code'' - complex code. If environment is not used, then ''baseCode'' value is the same as ''code'' value, otherwise complex code is combined from base code, environment and joined with separator (''|'' by default). For example **roleOne|dev**.   * ''code'' - complex code. If environment is not used, then ''baseCode'' value is the same as ''code'' value, otherwise complex code is combined from base code, environment and joined with separator (''|'' by default). For example **roleOne|dev**.
- 
-===== Role criticality===== 
-The level of criticality can be set for every role. Criticality denotes, [[devel:documentation:role_change#roles_criticality_disintegration_to_subprocesses| who approves ]] its assignment. Role can have criticality from 0 to 5. 
  
 ===== Incompatible roles ===== ===== Incompatible roles =====
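Review bot: Removing the "Role criticality" section leaves this page with no statement that a role's criticality (0 to 5) determines who approves its assignment, and the edit summary mentions only the tutorial link, not this removal. Keep a one-line pointer after the role code attributes that reuses the existing link to devel:documentation:role_change#roles_criticality_disintegration_to_subprocesses, so readers can still find the approval rules from the roles overview.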
Line 51: Line 50:
  
 {{ :devel:documentation:incompatible-role-request-confirm.png |}} {{ :devel:documentation:incompatible-role-request-confirm.png |}}
- 
- 
-===== Copying roles from a user ===== 
- 
-Copying roles from a user is a new feature that allows one user to easily copy roles/permissions from another user. You can get the same roles like one of your colleagues has by simply filing a request that admin then approves or declines.  For more information please visit [[devel:documentation:roles:adm:copying-assigned-roles|admin guide]]. 
- 
-This feature is available in the role request detail, see the new button in the picture: 
- 
-{{ :devel:documentation:add_role.png |}} 
- 
  
 For more information about the feature with more detailed description, please see the admin guide. For more information about the feature with more detailed description, please see the admin guide.
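Review bot: The unchanged closing sentence after the removed section ("For more information about the feature ... please see the admin guide") has lost its antecedent: it now directly follows the incompatible-role screenshot, "the feature" is ambiguous, and "the admin guide" is not a link. Either remove it together with the section or turn it into an explicit link. Also note that the removed text linked devel:documentation:roles:adm:copying-assigned-roles while the new bullet links tutorial:adm:copying; confirm the admin guide page stays reachable from this page.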
  • by doischert