Differences

This shows you the differences between two versions of the page.

--- devel:documentation:roles [2019/08/14 14:15] – doischert
+++ devel:documentation:roles [2025/10/22 11:40] (current) – [Roles and accounts] otmara
@@ Line 1: / Line 1: @@
-<- .:identities | Identities ^ .:start | Documentation ^ .:role_change | Roles change request ->
+<- .:contracts | Contracts ^ .:start | Documentation ^ .:role_change | Roles change request ->
 {{tag> role incompatible business automatic SoD Segregation Duties }}
@@ Line 22: / Line 22: @@
 ===== Roles and contracts =====
-Roles are assigned to users via their contracts. If a contract is not valid (time validity) the roles on the contract are removed. In other words, the identity loses roles permissions in IdM and rights in connected systems.
+Roles are assigned to users via their contracts. If a contract is not valid (time validity) the roles on the contract are removed. In other words, the identity loses roles permissions in IdM and rights in connected systems. Since IdM13.0.17 is function which automatically prefiled start date of contract it is possible to update it freely.
 {{ :devel:adm:idm_entities.png?1000 | Entities relations}}
@@ Line 37: / Line 37: @@
 {{ :devel:documentation:automatic_role_by_attribute.png?600 |}}
+===== Roles and accounts =====
+Roles can also be assigned directly to accounts. This is particularly when a user has multiple accounts and we want the role to apply to only one account or when we are managing technical accounts.
+==== Zone and tier ====
+Each role has optional zone and tier attributes. Those attributes are used when assigning a role to a 'PERSONAL OTHER' account. If the role's and the account's respective zone and tier don't match, the role can't be assigned to that particular account
 ====== Read more ======