Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
tutorial:adm:role_change_configuration [2019/10/29 08:22]
kopro fix the wrong documentation
tutorial:adm:role_change_configuration [2022/03/29 15:06] (current)
apeterova extras approval workflows + fixed supported priorities
Line 1: Line 1:
 ====== Role assignment - approval process configuration ====== ====== Role assignment - approval process configuration ======
  
-Process of role change request approval is managed by CzechIdM [[devel:documentation:role_change|standard approval workflow]]. The workflow can be configured.  +Process of role change request approval is managed by CzechIdM [[:devel:documentation:role_change|standard approval workflow]]. The workflow can be configured. <note tip>If you are not familiar with CzechIdM configuration, read [[.:application_configuration|this tutorial]]</note> **Enabling or disabling approval rounds** of standard approval workflow (as well as the definitions of role names for the individual approving rounds) can be configured in the configuration file //application.properties// or by an explicit entry in the tab **Settings → Configuration**:
-<note tip>If you are not familiar with CzechIdM configuration, read [[tutorial:adm:application_configuration|this tutorial]]</note> +
-**Enabling or disabling approval rounds** of standard approval workflow (as well as the definitions of role names for the individual approving rounds) can be configured in the configurational file //application.properties// or by an explicit entry in the tab **Settings -> Configuration**:+
  
-  * **idm.sec.core.wf.approval.helpdesk.enabled** – true/false, enabling or disabling of approval by helpdesk (approvers is defined by role), +   * **idm.sec.core.wf.approval.helpdesk.enabled**  – true/false, enabling or disabling of approval by helpdesk (approvers is defined by role), 
-  * **idm.sec.core.wf.approval.manager.enabled** – true/false, enabling or disabling of approval by manager (supervisor, guarantee of user), +  * **idm.sec.core.wf.approval.manager.enabled**  – true/false, enabling or disabling of approval by manager (supervisor, guarantee of user), 
-  * **idm.sec.core.wf.approval.usermanager.enabled** – true/false, enabling or disabling of approval by user's manager department (approvers is defined by role), +  * **idm.sec.core.wf.approval.usermanager.enabled**  – true/false, enabling or disabling of approval by user's manager department (approvers is defined by role), 
-  * **idm.sec.core.wf.approval.security.enabled** – true/false, enabling or disabling of approval by security department (approvers is defined by role).+  * **idm.sec.core.wf.approval.security.enabled**  – true/false, enabling or disabling of approval by security department (approvers is defined by role). 
 +{{  :devel:adm:configurable_items_approving.png?600  | Configuring roles approval}}
  
-{{ :devel:adm:configurable_items_approving.png?600 | Configuring roles approval}}+**Who approves**  the role change request in each round is configured by following properties:
  
-**Who approves** the role change request in each round is configured by following properties: 
   * **idm.sec.core.wf.approval.helpdesk.role**   * **idm.sec.core.wf.approval.helpdesk.role**
-  * **idm.sec.core.wf.approval.usermanager.role** +  * **idm.sec.core.wf.approval.usermanager.role**
   * **idm.sec.core.wf.approval.security.role**   * **idm.sec.core.wf.approval.security.role**
- +Value of each property is the name of the role of which the holders approve the role change request in appropriate step. e.g **idm.sec.core.wf.approval.security.role = Security**  says that users having role Security assigned approve the role request process in step designated to security department.
-Value of each property is the name of the role of which the holders approve the role change request in appropriate step. e.g **idm.sec.core.wf.approval.security.role = Security** says that users having role Security assigned approve the role request process in step designated to security department.+
  
 ===== Role criticality/priority ===== ===== Role criticality/priority =====
  
-Standard role approval process takes into account also role criticality. Each role can have its priority set [[tutorial:adm:new_role|in its definition]]. In application configuration there can be defined, who approves which criticality level by properties of the form **idm.sec.core.wf.role.approval<1-5>**. The value of each property is the name of the workflow which approves the given criticality level.+Standard role approval process takes into account also role criticality. Each role can have its priority set [[.:new_role|in its definition]]. In application configuration there can be defined, who approves which criticality level by properties of the form **idm.sec.core.wf.role.approval<0-4>**. The value of each property is the name of the workflow which approves the given criticality level.
  
-The basic workflow names are: **approve-role-by-guarantee** (approved by the guarantee of the role), **approve-role-by-manager** (approved by the manager of the user for whom the role is requested).+The basic workflow names are: **approve-role-by-guarantee**  (approved by the authorizer of the role), **approve-role-by-manager**  (approved by the manager of the user for whom the role is requested), **approve-role-by-guarantee-security** (approved by the authorizer of the role and then the holder of the role Security).
  
 **Defaults:** **Defaults:**
  
-idm.sec.core.wf.role.approval.3=approve-role-by-guarantee-security +  * idm.sec.core.wf.role.approval.0 is not specified (no additional approval workflow is used) 
-idm.sec.core.wf.role.approval.2=approve-role-by-guarantee +  * idm.sec.core.wf.role.approval.1=approve-role-by-manager 
-idm.sec.core.wf.role.approval.1=approve-role-by-manager+  idm.sec.core.wf.role.approval.2=approve-role-by-guarantee 
 +  idm.sec.core.wf.role.approval.3=approve-role-by-guarantee-security 
 +  * idm.sec.core.wf.role.approval.4 is not specified (no additional approval workflow is used) 
 + 
 +Other types of approval workflows can be found in the [[:devel:documentation:modules_extras|Extras module]], see [[:tutorial:adm:modules_extras_wf|Modules - Extras: Workflows for approval of role assignment]]
  • by kopro