| Both sides previous revision
Previous revision
|
|
tutorial:adm:role_change_configuration [2022/03/08 11:20]
apeterova |
tutorial:adm:role_change_configuration [2022/03/29 15:06]
apeterova extras approval workflows + fixed supported priorities |
| ====== Role assignment - approval process configuration ====== | ====== Role assignment - approval process configuration ====== |
| |
| Process of role change request approval is managed by CzechIdM [[:devel:documentation:role_change|standard approval workflow]]. The workflow can be configured. <note tip>If you are not familiar with CzechIdM configuration, read [[.:application_configuration|this tutorial]]</note> **Enabling or disabling approval rounds** of standard approval workflow (as well as the definitions of role names for the individual approving rounds) can be configured in the configurational file //application.properties// or by an explicit entry in the tab **Settings → Configuration**: | Process of role change request approval is managed by CzechIdM [[:devel:documentation:role_change|standard approval workflow]]. The workflow can be configured. <note tip>If you are not familiar with CzechIdM configuration, read [[.:application_configuration|this tutorial]]</note> **Enabling or disabling approval rounds** of standard approval workflow (as well as the definitions of role names for the individual approving rounds) can be configured in the configuration file //application.properties// or by an explicit entry in the tab **Settings → Configuration**: |
| |
| * **idm.sec.core.wf.approval.helpdesk.enabled** – true/false, enabling or disabling of approval by helpdesk (approvers is defined by role), | * **idm.sec.core.wf.approval.helpdesk.enabled** – true/false, enabling or disabling of approval by helpdesk (approvers is defined by role), |
| ===== Role criticality/priority ===== | ===== Role criticality/priority ===== |
| |
| Standard role approval process takes into account also role criticality. Each role can have its priority set [[.:new_role|in its definition]]. In application configuration there can be defined, who approves which criticality level by properties of the form **idm.sec.core.wf.role.approval<1-5>**. The value of each property is the name of the workflow which approves the given criticality level. | Standard role approval process takes into account also role criticality. Each role can have its priority set [[.:new_role|in its definition]]. In application configuration there can be defined, who approves which criticality level by properties of the form **idm.sec.core.wf.role.approval<0-4>**. The value of each property is the name of the workflow which approves the given criticality level. |
| |
| The basic workflow names are: **approve-role-by-guarantee** (approved by the guarantee of the role), **approve-role-by-manager** (approved by the manager of the user for whom the role is requested). | The basic workflow names are: **approve-role-by-guarantee** (approved by the authorizer of the role), **approve-role-by-manager** (approved by the manager of the user for whom the role is requested), **approve-role-by-guarantee-security** (approved by the authorizer of the role and then the holder of the role Security). |
| |
| **Defaults:** | **Defaults:** |
| |
| | * idm.sec.core.wf.role.approval.0 is not specified (no additional approval workflow is used) |
| | * idm.sec.core.wf.role.approval.1=approve-role-by-manager |
| | * idm.sec.core.wf.role.approval.2=approve-role-by-guarantee |
| * idm.sec.core.wf.role.approval.3=approve-role-by-guarantee-security | * idm.sec.core.wf.role.approval.3=approve-role-by-guarantee-security |
| * idm.sec.core.wf.role.approval.2=approve-role-by-guarantee | * idm.sec.core.wf.role.approval.4 is not specified (no additional approval workflow is used) |
| * idm.sec.core.wf.role.approval.1=approve-role-by-manager | |
| |
| | Other types of approval workflows can be found in the [[:devel:documentation:modules_extras|Extras module]], see [[:tutorial:adm:modules_extras_wf|Modules - Extras: Workflows for approval of role assignment]] |