Book Creator
 Add this page to your book
Book Creator
 Remove this page from your book  

 Manage book(0 page(s))
 Help
Agenda of universal requests 
  Role Catalogue

This is an old revision of the document!

Agenda of universal requests 
Documentation  
  Role Catalogue

Role assignment - approval process configuration

Process of role change request approval is managed by CzechIdM standard approval workflow. The workflow can be configured.

If you are not familiar with CzechIdM configuration, read this tutorial

Enabling or disabling approval rounds of standard approval workflow (as well as the definitions of role names for the individual approving rounds) can be configured in the configurational file application.properties or by an explicit entry in the tab Settings → Configuration:

  • idm.sec.core.wf.approval.helpdesk.enabled – true/false, enabling or disabling of approval by helpdesk (role),
  • idm.sec.core.wf.approval.manager.enabled – true/false, enabling or disabling of approval by manager (role),
  • idm.sec.core.wf.approval.usermanager.enabled – true/false, enabling or disabling of approval by user's manager,
  • idm.sec.core.wf.approval.security.enabled – true/false, enabling or disabling of approval by security.

Configuring roles approval

Who approves the role change request in each round is configured by following properties:

  • idm.sec.core.wf.approval.helpdesk.role
  • idm.sec.core.wf.approval.manager.role
  • idm.sec.core.wf.approval.security.role

Value of each property is the name of the role of which the holders approve the role change request in appropriate step. e.g idm.sec.core.wf.approval.security.role = Security says that users having role Security assigned approve the role request process in step designated to security department.

Role criticality/priority

Standard role approval process takes into account also role criticality. Each role can have its priority set in its definition. In application configuration there can be defined, who approves which criticality level by properties of the form idm.sec.core.wf.role.approval<1-5>. The value of each property is the name of the workflow which approves the given criticality level.

The basic workflow names are: approve-role-by-guarantee (approved by the guarantee of the role), approve-role-by-manager (approved by the manager of the user for whom the role is requested).

Defaults:

- idm.sec.core.wf.role.approval.3=approve-role-by-guarantee-security - idm.sec.core.wf.role.approval.2=approve-role-by-guarantee - idm.sec.core.wf.role.approval.1=approve-role-by-manager

  • by hanakp