Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
tutorial:adm:role_change_configuration [2019/10/29 08:22] kopro fix the wrong documentation |
tutorial:adm:role_change_configuration [2022/03/29 15:06] (current) apeterova extras approval workflows + fixed supported priorities |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Role assignment - approval process configuration ====== | ====== Role assignment - approval process configuration ====== | ||
- | Process of role change request approval is managed by CzechIdM [[devel: | + | Process of role change request approval is managed by CzechIdM [[:devel: |
- | <note tip>If you are not familiar with CzechIdM configuration, | + | |
- | **Enabling or disabling approval rounds** of standard approval workflow (as well as the definitions of role names for the individual approving rounds) can be configured in the configurational | + | |
- | | + | * **idm.sec.core.wf.approval.helpdesk.enabled** |
- | * **idm.sec.core.wf.approval.manager.enabled** – true/false, enabling or disabling of approval by manager (supervisor, | + | * **idm.sec.core.wf.approval.manager.enabled** |
- | * **idm.sec.core.wf.approval.usermanager.enabled** – true/false, enabling or disabling of approval by user's manager department (approvers is defined by role), | + | * **idm.sec.core.wf.approval.usermanager.enabled** |
- | * **idm.sec.core.wf.approval.security.enabled** – true/false, enabling or disabling of approval by security department (approvers is defined by role). | + | * **idm.sec.core.wf.approval.security.enabled** |
+ | {{ : | ||
- | {{ :devel: | + | **Who approves** |
- | **Who approves** the role change request in each round is configured by following properties: | ||
* **idm.sec.core.wf.approval.helpdesk.role** | * **idm.sec.core.wf.approval.helpdesk.role** | ||
- | * **idm.sec.core.wf.approval.usermanager.role** | + | * **idm.sec.core.wf.approval.usermanager.role** |
* **idm.sec.core.wf.approval.security.role** | * **idm.sec.core.wf.approval.security.role** | ||
- | + | Value of each property is the name of the role of which the holders approve the role change request in appropriate step. e.g **idm.sec.core.wf.approval.security.role = Security** | |
- | Value of each property is the name of the role of which the holders approve the role change request in appropriate step. e.g **idm.sec.core.wf.approval.security.role = Security** says that users having role Security assigned approve the role request process in step designated to security department. | + | |
===== Role criticality/ | ===== Role criticality/ | ||
- | Standard role approval process takes into account also role criticality. Each role can have its priority set [[tutorial: | + | Standard role approval process takes into account also role criticality. Each role can have its priority set [[.: |
- | The basic workflow names are: **approve-role-by-guarantee** (approved by the guarantee | + | The basic workflow names are: **approve-role-by-guarantee** |
**Defaults: | **Defaults: | ||
- | - idm.sec.core.wf.role.approval.3=approve-role-by-guarantee-security | + | * idm.sec.core.wf.role.approval.0 is not specified (no additional approval workflow is used) |
- | - idm.sec.core.wf.role.approval.2=approve-role-by-guarantee | + | * idm.sec.core.wf.role.approval.1=approve-role-by-manager |
- | - idm.sec.core.wf.role.approval.1=approve-role-by-manager | + | |
+ | | ||
+ | * idm.sec.core.wf.role.approval.4 is not specified (no additional approval workflow is used) | ||
+ | |||
+ | Other types of approval workflows can be found in the [[: |