Role - Creating/editing

To create a new role, go to Role agenda and Role management tab, then click Add. A unique name for the role must be chosen within all the roles. The role can also be placed in one or more folders in the catalogue of roles.

 Role list agenda

A guarantee can be set for every role. Other processes can be related to the guarantee such as approval of assigning a role, change in time validity and its removal from user. See more in the section about role approval.

 New role

The following attributes can be set with every role:

  • Role name – a required unique attribute. The role name is displayed in the majority of GUI forms.
  • Role type – a descriptive attribute, it does not influence working with roles at the moment.
  • Priority level
    • Determines the approval agent of assigning and removing of a given role.
    • During provisioning (writing of data to the end system), a one-value attribute is filled with a role with higher priority
  • Priority – read only, a numerical representation of the priority level.
  • Catalogue folder – every role can be placed in the role catalogue, which is meant for organizing them.
  • Role authorizers – a role guarantee is an identity responsible for managing the role, i.e. they can see them in the role list (Role tab) and are able to act as approvers of assigning/removing of a role (depending on the configuration of the priority level)
  • Role removal approval – if this box is checked, then removing of the role is approved according to the process set in the configuration of CzechIdM. The default selection of CzechIdM configuration for the approval process of removing roles is Approval by role authorizers. Therefore, by checking this box without further configuration, removing of the role from the user will be approved by the role authorizers.
  • Description – an additional description of the role.
  • Inactive – Inactive roles are displayed in grey colour in menus and users are forbidden to select them, i.e. they cannot be requested for, for instance.

After all the requested selections have been entered, click on Save and continue. This will bring you straight to the menu Roles → Role detail, specifically to the detail of the newly created role.