Copying assigned roles

Copying roles from a user is a useful feature for copying/sharing permissions between users. The main purpose is to make it easier to add manually assigned roles to another user.

For CzechIdM version >= 9.7.12: Roles that cannot be requested cannot be selected. Configure the authorization policy to fully enable this feature.

The feature is available on the role request detail as a new button.

To see this button and create a new role request, you need permissions to change user permissions, create requests, etc. For more information, see the authorization dokuwiki page.

Copying roles is done in a pop-up window. In this window, you select the user whose roles you would like to copy by filling in the select box labelled Select a user.

Once you have selected the user, you can also select one of their contracts to see the set of roles assigned for that contract, as a user can have more than one contract.

The roles then displayed are only those assigned for the selected contract. If the contract field stays unselected (i.e. blank), then all assigned roles across all the user's contracts are listed.

Roles that cannot be requested cannot be selected. Configure the authorization policy if needed to enable this feature.

At this stage, you have to select the contract to which the new roles will be assigned. This field is mandatory.

Next, you may specify validity dates for these requested roles.

For manually assigned roles, it is possible to change the validity. In contrast, automatically assigned roles take their validity from the contract.

If any of the assigned roles includes role parameters, you can also choose whether to copy the parameters with or without their values. This option is disabled by default; you can activate it by checking the checkbox.

The lowest part of the pop-up window contains a component for selecting assigned roles and copying them.

The buttons between the Roles select from a user and Selected roles tables let you perform the following actions:

  • add all roles that are listed in the Roles selected from a user table to the Selected roles table,
  • add only selected roles that are listed in the Roles select from user table to the Selected roles table,
  • remove only selected roles that are listed in the Selected roles table,
  • remove all roles that are listed in the Selected roles table.

Example:

There may be some business roles among the desired selection of roles. These roles most likely consist of some subroles. Subroles are assigned to a user automatically once the top (parent or business) role, or an upper role within the business role composition, has been assigned to them.

In the default settings of the pop-up window (for copying roles from a user), only directly assigned roles are displayed. This option can be changed by checking the checkbox Show only roles assigned directly.

Be careful: if you assign a business role along with all of its subroles DIRECTLY, the user ends up having duplicate, or possibly triplicate roles. In other words, its subroles will be assigned twice.
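The duplication described above can be checked on a selection before the request is submitted. The following is an added example, not CzechIdM code or its API: the composition map, the role names and all function names are constructed assumptions that model only the behaviour stated on this page (subroles follow their parent role automatically).

```python
# Added illustration: a constructed model of business-role composition,
# not CzechIdM's data model or API. All role names are hypothetical.
from collections import Counter

# parent role -> subroles assigned automatically with it (constructed sample)
COMPOSITION = {
    "Accountant": ["ERP-User", "Invoice-Approver"],
    "Invoice-Approver": ["Archive-Reader"],
}


def expand(role, composition, _seen=None):
    """Return every subrole a role brings in automatically, at any depth."""
    seen = set() if _seen is None else _seen
    for sub in composition.get(role, []):
        if sub not in seen:  # guards against cycles in the composition
            seen.add(sub)
            expand(sub, composition, seen)
    return seen


def effective_assignments(direct_roles, composition):
    """Count how many times each role ends up assigned to the target user."""
    counts = Counter(direct_roles)
    for role in direct_roles:
        counts.update(expand(role, composition))
    return counts


def redundant_direct_roles(direct_roles, composition):
    """Direct selections that another selected role already implies."""
    implied = set()
    for role in direct_roles:
        implied |= expand(role, composition) - {role}
    return sorted(r for r in set(direct_roles) if r in implied)


def safe_selection(direct_roles, composition):
    """Drop implied roles, keeping the order of the original selection."""
    redundant = set(redundant_direct_roles(direct_roles, composition))
    return [r for r in direct_roles if r not in redundant]


if __name__ == "__main__":
    picked = ["Accountant", "ERP-User", "Invoice-Approver", "Archive-Reader", "VPN"]
    print(dict(effective_assignments(picked, COMPOSITION)))
    print(safe_selection(picked, COMPOSITION))
```

In this constructed selection the nested subrole is counted three times, which is the triplicate case mentioned above; copying only the business role and the unrelated role avoids it.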

More about roles can be found here

  • by tomiskar