Differences

This shows you the differences between two versions of the page.

tutorial:adm:role_change_configuration [2017/11/04 09:37]
poulm
tutorial:adm:role_change_configuration [2019/10/29 08:22] (current)
kopro fix the wrong documentation
Line 1: Line 1:
 +====== Role assignment - approval process configuration ======
  
 +Process of role change request approval is managed by CzechIdM [[devel:​documentation:​role_change|standard approval workflow]]. The workflow can be configured. ​
 +<note tip>If you are not familiar with CzechIdM configuration,​ read [[tutorial:​adm:​application_configuration|this tutorial]]</​note>​
 +**Enabling or disabling approval rounds** of standard approval workflow (as well as the definitions of role names for the individual approving rounds) can be configured in the configurational file //​application.properties//​ or by an explicit entry in the tab **Settings -> Configuration**:​
 +
 +  * **idm.sec.core.wf.approval.helpdesk.enabled** – true/false, enabling or disabling of approval by helpdesk (approvers is defined by role),
 +  * **idm.sec.core.wf.approval.manager.enabled** – true/false, enabling or disabling of approval by manager (supervisor,​ guarantee of user),
 +  * **idm.sec.core.wf.approval.usermanager.enabled** – true/false, enabling or disabling of approval by user's manager department (approvers is defined by role),
 +  * **idm.sec.core.wf.approval.security.enabled** – true/false, enabling or disabling of approval by security department (approvers is defined by role).
 +
 +{{ :​devel:​adm:​configurable_items_approving.png?​600 | Configuring roles approval}}
 +
 +**Who approves** the role change request in each round is configured by following properties:
 +  * **idm.sec.core.wf.approval.helpdesk.role**
 +  * **idm.sec.core.wf.approval.usermanager.role** ​
 +  * **idm.sec.core.wf.approval.security.role**
 +
 +Value of each property is the name of the role of which the holders approve the role change request in appropriate step. e.g **idm.sec.core.wf.approval.security.role = Security** says that users having role Security assigned approve the role request process in step designated to security department.
 +
 +===== Role criticality/​priority =====
 +
 +Standard role approval process takes into account also role criticality. Each role can have its priority set [[tutorial:​adm:​new_role|in its definition]]. In application configuration there can be defined, who approves which criticality level by properties of the form **idm.sec.core.wf.role.approval<​1-5>​**. The value of each property is the name of the workflow which approves the given criticality level.
 +
 +The basic workflow names are: **approve-role-by-guarantee** (approved by the guarantee of the role), **approve-role-by-manager** (approved by the manager of the user for whom the role is requested).
 +
 +**Defaults:​**
 +
 +- idm.sec.core.wf.role.approval.3=approve-role-by-guarantee-security
 +- idm.sec.core.wf.role.approval.2=approve-role-by-guarantee
 +- idm.sec.core.wf.role.approval.1=approve-role-by-manager
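
Review bot: the property pattern in the "Role criticality/priority" paragraph is written as idm.sec.core.wf.role.approval<1-5>, with no dot before the level, while the Defaults list uses idm.sec.core.wf.role.approval.3, .2 and .1; an administrator copying the pattern literally would set a key that does not match the form shown in the defaults, so write it as idm.sec.core.wf.role.approval.<1-5>. The same section names only approve-role-by-guarantee and approve-role-by-manager as basic workflows, yet the level 3 default is approve-role-by-guarantee-security, which should be listed and described there as well. The pattern covers levels 1-5 but defaults are given only for 1-3; please state what applies to levels 4 and 5, and to any level with no property set, since whether a critical role can be assigned without an approval step is the first thing someone auditing this configuration will look for.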