Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
tutorial:adm:automatic_roles_by_attribute [2018/01/05 13:48]
poulm typographic correction
tutorial:adm:automatic_roles_by_attribute [2018/12/27 15:12] (current)
kotisovam
Line 1: Line 1:
-====== Automatic roles - add roles by attribute value ======+====== Automatic roles - adding ​roles by attribute value ======
  
 If you want to add a role to all users that work on the 3th floor, you can use **Automatic roles by attribute**. If you want to add a role to all users that work on the 3th floor, you can use **Automatic roles by attribute**.
Line 5: Line 5:
 <note tip>​Basics of roles and automatic roles can be found in [[devel:​documentation:​roles|documentation]]. <note tip>​Basics of roles and automatic roles can be found in [[devel:​documentation:​roles|documentation]].
 </​note>​ </​note>​
-Since CzechIdM 7.7 there is a new main menu item **Settings -> automatic roles**. ​+From CzechIdM 7.7 onwards, ​there is a new main menu item **Settings -> automatic roles**. ​
 {{ :​tutorial:​adm:​autorole_by_organizations.png | Automatic roles list}} {{ :​tutorial:​adm:​autorole_by_organizations.png | Automatic roles list}}
  
Line 12: Line 12:
   * **Automatic roles based on the attribute**   * **Automatic roles based on the attribute**
  
-First one shows the list of the automatic roles that the user gets via its placement in organization structure. In other words, employees ​that e.g. works on IT Department.+The first one shows the list of the automatic roles that user gets via his/​her ​placement in the organization'​s ​structure ​- sayall employees ​working in the IT Department.
  
-The second one shows the automatic roles that users gets via so called ​**Rules**.+The second one shows the automatic roles that users get by means of **Rules**.
  
 {{ :​tutorial:​adm:​automatic_roles_by_attribute_list.png | Roles by attributes list}} {{ :​tutorial:​adm:​automatic_roles_by_attribute_list.png | Roles by attributes list}}
Line 20: Line 20:
 ===== Rules for automatic roles ===== ===== Rules for automatic roles =====
  
-Rules are conditions that are evaluated on users and their contracts. If all the rules/​conditions are TRUE, than the user gets given role.+Rules are conditions that are evaluated on users and their contracts. If all the rules/​conditions are TRUE, then the user gets the given role.
  
-e.g. Rule can be that user's contract has attribute "​floor"​ with value "​3"​.+e.g. A rule can be set such that user's contract has an attribute "​floor"​ with value "​3"​.
  
-To create a new automatic role by an attribute, go to **Settings -> automatic roles -> Automatic roles based on the attribute**. ​There click on green "​Add"​ button. ​On the form fill in the name of new automatic role by attribute e.g. "​Employees - 3th floor printing"​.+To create a new automatic role by an attribute, go to **Settings -> automatic roles -> Automatic roles based on the attribute**. ​Next, click on the green "​Add"​ button. ​In the formfill in the name of new automatic role by attribute e.g. "​Employees - 3th floor printing"​.
  
 {{ :​tutorial:​adm:​autorole_new.png | New automatic role definition}} {{ :​tutorial:​adm:​autorole_new.png | New automatic role definition}}
Line 30: Line 30:
 Then select the Role - real CzechIdM entity e.g. "ldap files" that will be assigned if the user matches the Rules. ​ Then select the Role - real CzechIdM entity e.g. "ldap files" that will be assigned if the user matches the Rules. ​
  
-The basic for the automatic role is done now, click Save and continue.+The basic setup for the automatic role is done now, click Save and continue.
  
-We have specified what role is assigned, now we need the conditions - Rules.+We have specified what role shall be assigned, now we need the conditions - Rules.
 {{ :​tutorial:​adm:​autorole_rules_list.png | Rules list}} {{ :​tutorial:​adm:​autorole_rules_list.png | Rules list}}
  
-Click on the green "​new"​ button above the Rule table - table may be empty. ​+Click on the green "​new"​ button above the Rule table - the table may be empty. ​
  
 {{ :​tutorial:​adm:​autorole_new_rule.png |}} {{ :​tutorial:​adm:​autorole_new_rule.png |}}
  
-Provided that the users' contracts have EAV attribute "​Floor"​ defined, the Rule can look like+Provided that the users' contracts have EAV attribute "​Floor"​ defined, the Rule can look like this:
  
   * **Type of checked attribute = Extended attribute of contract**   * **Type of checked attribute = Extended attribute of contract**
Line 50: Line 50:
 {{ :​tutorial:​adm:​autorole_popup.png | popup}} {{ :​tutorial:​adm:​autorole_popup.png | popup}}
  
-  * **Yes** - Automatic role is evaluated for all users. Those matching the rule gets given role. Calculation is started as long running task and its progress can be found in Settings -> Task scheduler -> All tasks. +  * **Yes** - Automatic role is evaluated for all users. Those matching the rule get the said role. Calculation is started as long running task and its progress can be verified ​in the Settings -> Task scheduler -> All tasks. 
-    * More over, if identity or its concept is saved e.g. after some admin manual ​work or during automatic synchronization,​ the rules for automatic roles by attributes are recalculated for given user. +    * Moreover, if an identity or its concept is saved - say after some manual ​editing done by the admin or during automatic synchronization ​-, the rules for automatic roles by attributes are recalculated for the respective ​user. 
-  * **No** - automatic role is saved as concept. ​+  * **No** - automatic role is saved as concept. ​
  
 ===== Concepts of automatic roles ===== ===== Concepts of automatic roles =====
  
-Automatic roles saved as concept ​are not evaluated until the concept is finished ​(Green button "​Recalculate"​). If any user is saved in gui or e.g. during synchronization, ​concept ​automatic roles are skipped.+Automatic roles saved as concepts ​are not evaluated until the concepts are completed ​(Green button "​Recalculate"​). If any user is saved in gui or e.g. during synchronization,​ automatic roles concepts ​are skipped.
  
 {{ :​tutorial:​adm:​autorole_datail_concept.png | Concept of automatic role by attributes}} {{ :​tutorial:​adm:​autorole_datail_concept.png | Concept of automatic role by attributes}}