Differences

This shows you the differences between two versions of the page.

--- tutorial:adm:module_recertification [2019/08/08 11:43]
regulat created
+++ tutorial:adm:module_recertification [2023/06/28 11:01] (current)
cabelkal [Configuration]
@@ Line 1: / Line 1: @@
 ====== Module - Recertification ======
 ===== What do you need before you start =====
-  * You need install **CzechIdM 9.7.0** (and higher).
-  * You need be logged in as **admin**.
-  * You need enable **Recertification** module.
-Two new agendas were created under **Roles** main menu:
+  * You need to have **CzechIdM 9.7.0**  (or higher) installed.
-  * **Recertification requests** - contains created recertification requests.
+  * You need to be logged in as **admin**  (or an identity with superAdminRole).
-  * **Recertification** - contains created recertification action. Contains requests grouped by recertification action executed by bulk actions.
+  * You need to enable the **Recertification**  module.
+  * For hard recertification you will need plan new LRT - //RecertificationRemoveRolesTaskExecutor//  (since module version 3.2.0)
+Two new agendas were created under **Roles**  main menu:
+  * **Recertification requests**  - contains created recertification requests.
+  * **Recertification**  - contains created recertification actions. It contains requests grouped by recertification action executed by bulk actions.
 ==== Dashboard ====
-Dashboard with recertification requests was created - shows unresolved requests, which can be approved by logged user. Table of recertification request is the same as above - filter is only preseted by logged user and only unresolved requests are shown. Dashboard is hidden, when no requests are found.
+Dashboard with recertification requests was created - it shows unresolved requests, which can be approved by a logged user with appropriate rights. The table of recertification request is the same as above - the default filter shows the currently logged user and only unresolved requests. The dashboard is hidden when no requests are found.
-{{ :devel:documentation:recertification-dashboard.png |}}
+{{  :devel:documentation:recertification-dashboard.png  }}
 ==== Recertification requests ====
@@ Line 19: / Line 22: @@
 Request table:
-{{ :devel:documentation:recertification-requests.png |}}
+{{  :devel:documentation:recertification-requests.png  }}
-On recertification request detail is tabs:
+On the recertification request detail there are following tabs:
-  * with items - contains basic information about request and items to approve.
+  * with items - contains basic information about the request and items to approve.
   * with approvers - shows current available approvers by recertification type (contract managers or role guarantee defined by user or role).
-  * with role requests - when assigned role representing by recertification item is removed, when assigned role is removed by role request. You can se state of this request.
+  * with role requests - when assigned role represented by a recertification item is removed, the assigned role is removed by role request. You can see the state of this request.
-{{ :undefined:recertification-request-detail.png |}}
+{{  :undefined:recertification-request-detail.png  }}
 ==== Recertification actions ====
@@ Line 32: / Line 36: @@
 Contains requests grouped by recertification action executed by bulk actions.
-{{ :devel:documentation:recertification-actions.png |}}
+{{  :devel:documentation:recertification-actions.png  }}
 ==== Identity and role detail ====
@@ Line 38: / Line 42: @@
 Tab with recertified assigned roles was added to role and identity detail.
-{{ :devel:documentation:recertification-identity-tab.png |}}
+{{  :devel:documentation:recertification-identity-tab.png  }}
-<note tip>''READ'' recertification items persmission is needed. Transitive authorization evaluators (by recertification request and action) were prepared, see security chapter.</note>
+<note tip>''READ''  permission for recertification items is needed. Transitive authorization evaluators (by recertification request and action) were prepared, see the security chapter.</note>
 ==== Identity and role table ====
-Bulk action for start recertification action is available on identity and role table.
+Bulk action for starting a recertification action is available on identity and role table.
-{{ :devel:documentation:recertification-bulk-action.png |}}
+{{  :devel:documentation:recertification-bulk-action.png  }}
 Bulk action modal window
-{{ :devel:documentation:recertification-bulk-action-detail.png |}}
+{{  .:9_011.png?nolink&1055x633  }}
-<note tip>Recertification action name will be filled automatically by selected roles or identities (if more than 15 records is selected, thne name will be truncated to prevent long names).</note>
+<note tip>Recertification action name will be filled automatically by selected roles or identities (if more than 15 records is selected, the name will be truncated to prevent long names).</note>
 <note tip>Recertification due date is required and prefilled by [[#configuration|configuration]].</note>
+===== Notification before recertification ends =====
+Configurable task is standard long running task, configuration is set in task planner. Task search for recertifications with due date near end and send notification.
+**Configuration**
+  * Number of days before recertification ends - ie. 5
+  * Script - script for overload recipient search. Without script (default behavior) LRT finds recertification approver. With custom search script different recipients can be found, input is RecRecertificationDto, output is List<IdmIdentityDto>.
+  * Notification topic - Topic for notification, default value is: **rec:recertificationDueDateWarning**  (notification with url), second one is **rec:recertificationDueDateWarningSubordinates**  (information about recertification approvers etc.).
+  * Merge notification for one identity - information about all recertifications are sorted by identity (recipient), each identity get one notification with list of all recertifications where it is recipient.
+With module, 2 standard script for search recipients are provided:
+  * recFindIdentitiesWithHelpdeskRole - find all active identities with role.
+  * recFindRecertificationApproversManagers - find recertification approvers and for every identity finds its manager.
+===== Hard (force) recertification =====
+For every recertification (since 3.2.0 module version) can be setup boolean flag "Hard recertification". Every recertification will be after the due date checked and all not processed recertification will be processed with new task (RecertificationRemoveRolesTaskExecutor) and **role will be removed**.
+<WRAP center round important 60%>
+Long running task RecertificationRemoveRolesTaskExecutor isn't planned by default. For hard recertification is required to plan the task at least one per day.
+</WRAP> \\
+For project that updates from older versions will be for all recertification setup the new hard recertification flag to false = hard recertification disabled.
+Long running task RecertificationRemoveRolesTaskExecutor has only one configuration - days after. The paramter days after is for configuration how long after due date by recertification will be roles removed. By default is the parameter zero. This is equivalent to remove roles directly after due date.
+{{  .:1_042.png?nolink&1057x564  }}