Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
tutorial:adm:role_change_configuration [2017/11/03 11:17]
poulm added criticality configuration 		tutorial:adm:role_change_configuration [2019/10/29 08:22]
kopro fix the wrong documentation
Line 1: Line 1:
 +====== Role assignment - approval process configuration ======
  
 +Process of role change request approval is managed by CzechIdM [[devel:documentation:role_change|standard approval workflow]]. The workflow can be configured. 
 +<note tip>If you are not familiar with CzechIdM configuration, read [[tutorial:adm:application_configuration|this tutorial]]</note>
 +**Enabling or disabling approval rounds** of standard approval workflow (as well as the definitions of role names for the individual approving rounds) can be configured in the configurational file //application.properties// or by an explicit entry in the tab **Settings -> Configuration**:
 +
 +  * **idm.sec.core.wf.approval.helpdesk.enabled** – true/false, enabling or disabling of approval by helpdesk (approvers is defined by role),
 +  * **idm.sec.core.wf.approval.manager.enabled** – true/false, enabling or disabling of approval by manager (supervisor, guarantee of user),
 +  * **idm.sec.core.wf.approval.usermanager.enabled** – true/false, enabling or disabling of approval by user's manager department (approvers is defined by role),
 +  * **idm.sec.core.wf.approval.security.enabled** – true/false, enabling or disabling of approval by security department (approvers is defined by role).
 +
 +{{ :devel:adm:configurable_items_approving.png?600 | Configuring roles approval}}
 +
 +**Who approves** the role change request in each round is configured by following properties:
 +  * **idm.sec.core.wf.approval.helpdesk.role**
 +  * **idm.sec.core.wf.approval.usermanager.role** 
 +  * **idm.sec.core.wf.approval.security.role**
 +
 +Value of each property is the name of the role of which the holders approve the role change request in appropriate step. e.g **idm.sec.core.wf.approval.security.role = Security** says that users having role Security assigned approve the role request process in step designated to security department.
 +
 +===== Role criticality/priority =====
 +
 +Standard role approval process takes into account also role criticality. Each role can have its priority set [[tutorial:adm:new_role|in its definition]]. In application configuration there can be defined, who approves which criticality level by properties of the form **idm.sec.core.wf.role.approval<1-5>**. The value of each property is the name of the workflow which approves the given criticality level.
 +
 +The basic workflow names are: **approve-role-by-guarantee** (approved by the guarantee of the role), **approve-role-by-manager** (approved by the manager of the user for whom the role is requested).
 +
 +**Defaults:**
 +
 +- idm.sec.core.wf.role.approval.3=approve-role-by-guarantee-security
 +- idm.sec.core.wf.role.approval.2=approve-role-by-guarantee
 +- idm.sec.core.wf.role.approval.1=approve-role-by-manager
  • by apeterova