Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
tutorial:adm:new_role [2019/08/15 11:17]
doischert
tutorial:adm:new_role [2020/05/13 12:01] (current)
svandav [Role - Creating/editing]
Line 18: Line 18:
   * **Catalogue folder** – every role can be placed in the role catalogue, which is meant for organizing them.   * **Catalogue folder** – every role can be placed in the role catalogue, which is meant for organizing them.
   * **Role authorizers** – a role guarantee is an identity responsible for managing the role, i.e. they can see them in the role list (Role tab) and are able to act as approvers of assigning/​removing a role (depending on the configuration of the priority level)   * **Role authorizers** – a role guarantee is an identity responsible for managing the role, i.e. they can see them in the role list (Role tab) and are able to act as approvers of assigning/​removing a role (depending on the configuration of the priority level)
 +    * **Role authorizer type (since 10.3.0)** - Authorize type can be set on the authorizer details (by identity or by role). Selection is possible from the code list, which must be predefined in the agenda **Code lists**. This codebook must have the code **guarantee-type**. For the authorizer type to be visible, at least one value must be defined in the codebook. This fields are not use in IdM now (no bussines logic is implemented)! Are designed for specific using in a projects (for example in approval WF).
   * **Role removal approval** – if this box is checked, then removing the role is approved according to the process set in the configuration of CzechIdM. The default selection of CzechIdM configuration for the approval process of removing roles is Approval by role authorizers. Therefore, by checking this box without further configuration,​ removing of the role from the user will be approved by the role authorizers.   * **Role removal approval** – if this box is checked, then removing the role is approved according to the process set in the configuration of CzechIdM. The default selection of CzechIdM configuration for the approval process of removing roles is Approval by role authorizers. Therefore, by checking this box without further configuration,​ removing of the role from the user will be approved by the role authorizers.
   * **Description** – an additional description of the role.   * **Description** – an additional description of the role.
   * **Inactive** – Inactive roles are displayed in grey colour in menus and users are forbidden to select them, i.e. they cannot be requested for, for instance.   * **Inactive** – Inactive roles are displayed in grey colour in menus and users are forbidden to select them, i.e. they cannot be requested for, for instance.
 +
 +<note tip>​**Role authorizer type:** Selection is possible from the code list, which must be predefined in the agenda **Code lists**. This codebook must have the code **guarantee-type**. For the authorizer type to be visible, at least one value must be defined in the codebook.</​note>​
 +
 +<note tip>​**Role authorizer type:** If you need to find guarantors for a given role, but only for a given type, you can use the **IdmIdentityFilter.setGuaranteeType("​type"​)** filter. Filtering by guarantor type will only work if the filter contains the required role **IdmIdentityFilter.setGuaranteesForRole(roleId)**.</​note>​
  
 After all the requested selections have been entered, click on Save and continue. This will bring you straight to the menu **Roles -> Role detail**, specifically to the detail of the newly created role. After all the requested selections have been entered, click on Save and continue. This will bring you straight to the menu **Roles -> Role detail**, specifically to the detail of the newly created role.