https://redmine.czechidm.com/https://redmine.czechidm.com/themes/purplemine2/favicon/favicon.ico?16339658642018-06-19T10:55:11ZIdStory Identity ManagerIdStory Identity Manager - Feature #1146: Managers should change roles only for the contracts, for which they are managershttps://redmine.czechidm.com/issues/1146?journal_id=55412018-06-19T10:55:11ZAlena Peterováalena.peterova@bcvsolutions.eu
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-5 priority-2 priority-default prio-name-normal closed" href="/issues/1085">Task #1085</a>: Display the contract in the tasks of the role request</i> added</li></ul> IdStory Identity Manager - Feature #1146: Managers should change roles only for the contracts, for which they are managershttps://redmine.czechidm.com/issues/1146?journal_id=55422018-06-19T11:00:25ZAlena Peterováalena.peterova@bcvsolutions.eu
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/5542/diff?detail_id=8008">diff</a>)</li></ul> IdStory Identity Manager - Feature #1146: Managers should change roles only for the contracts, for which they are managershttps://redmine.czechidm.com/issues/1146?journal_id=104212020-01-06T09:56:27ZMarcel Poulmarcel.poul@bcvsolutions.eu
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-5 priority-2 priority-default prio-name-normal closed" href="/issues/2002">Task #2002</a>: Managers of contracts ended in the past shouldn't be able to change roles for currect contract</i> added</li></ul> IdStory Identity Manager - Feature #1146: Managers should change roles only for the contracts, for which they are managershttps://redmine.czechidm.com/issues/1146?journal_id=115732020-04-15T09:16:28ZRadek Tomiškaradek.tomiska@bcvsolutions.eu
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-5 priority-2 priority-default prio-name-normal closed" href="/issues/2204">Task #2204</a>: Authorization policies: Add permission to identity by contract (transitively)</i> added</li></ul> IdStory Identity Manager - Feature #1146: Managers should change roles only for the contracts, for which they are managershttps://redmine.czechidm.com/issues/1146?journal_id=115752020-04-15T09:18:31ZRadek Tomiškaradek.tomiska@bcvsolutions.eu
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Needs feedback</i></li><li><strong>Assignee</strong> changed from <i>Radek Tomiška</i> to <i>Vít Švanda</i></li><li><strong>Target version</strong> set to <i>10.3.0</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>90</i></li></ul><p>I accidentally implemented this together with <a class="issue tracker-2 status-5 priority-2 priority-default prio-name-normal closed" title="Task: Authorization policies: Add permission to identity by contract (transitively) (Closed)" href="https://redmine.czechidm.com/issues/2204">#2204</a> - it covers this UC too :).<br />I improved default authorization policies setting for userRole:<br /><a class="external" href="https://wiki.czechidm.com/devel/documentation/security/dev/authorization#manager_and_subordinates">https://wiki.czechidm.com/devel/documentation/security/dev/authorization#manager_and_subordinates</a></p>
<p>Could you provide me a feedback please?</p> IdStory Identity Manager - Feature #1146: Managers should change roles only for the contracts, for which they are managershttps://redmine.czechidm.com/issues/1146?journal_id=116292020-04-17T10:21:11ZRadek Tomiškaradek.tomiska@bcvsolutions.eu
<ul><li><strong>Status</strong> changed from <i>Needs feedback</i> to <i>In Progress</i></li><li><strong>Assignee</strong> changed from <i>Vít Švanda</i> to <i>Radek Tomiška</i></li><li><strong>% Done</strong> changed from <i>90</i> to <i>50</i></li></ul><p>One requirement from description is not implemented:<br />Also in the approval round for role requests - approval by manager - there should be only the manager of the contract, for which are the roles requested.</p> IdStory Identity Manager - Feature #1146: Managers should change roles only for the contracts, for which they are managershttps://redmine.czechidm.com/issues/1146?journal_id=116432020-04-20T11:18:47ZRadek Tomiškaradek.tomiska@bcvsolutions.eu
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-1 priority-2 priority-default prio-name-normal" href="/issues/2220">Task #2220</a>: Split role request approval by contract managers</i> added</li></ul> IdStory Identity Manager - Feature #1146: Managers should change roles only for the contracts, for which they are managershttps://redmine.czechidm.com/issues/1146?journal_id=116472020-04-20T11:57:22ZRadek Tomiškaradek.tomiska@bcvsolutions.eu
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Needs feedback</i></li><li><strong>Assignee</strong> changed from <i>Radek Tomiška</i> to <i>Vít Švanda</i></li><li><strong>% Done</strong> changed from <i>50</i> to <i>90</i></li></ul><p>I've added base permission 'CHANGEPERMISSION' to contracts. This permission can be granted per contract instead adding it to whole identity.<br />When role request is created by contract manager, then he can change or add assigned role just for his contracts (other assigned roles can be shown only - buttons are disabled).</p>
<p>Role request approval fits with UC, when role request is created by manager (~approval round by manager is skipped autoamatically).</p>
<p>For role request approval, when two or more diffierent managers are involved (e.g. role request is created by adminstrator), new ticket <a class="issue tracker-2 status-1 priority-2 priority-default prio-name-normal" title="Task: Split role request approval by contract managers (New)" href="https://redmine.czechidm.com/issues/2220">#2220</a> was created.</p>
<p>Commit:<br /><a class="external" href="https://github.com/bcvsolutions/CzechIdMng/commit/cd95affc6511b31559e3d6c9a4377c072934eab8">https://github.com/bcvsolutions/CzechIdMng/commit/cd95affc6511b31559e3d6c9a4377c072934eab8</a></p>
<p>Doc:<br /><a class="external" href="https://wiki.czechidm.com/devel/documentation/security/dev/authorization#manager_and_subordinates">https://wiki.czechidm.com/devel/documentation/security/dev/authorization#manager_and_subordinates</a></p>
<p>Could you please provide me a feedback?</p>
<p>Note: Base permission 'CHANGEPERMISSION' to contracts should be granted automatically by user role (~IdentityContractByIdentityEvaluator), so no additional configuration is needed for backward compatibility. But I've added note into change log too.</p> IdStory Identity Manager - Feature #1146: Managers should change roles only for the contracts, for which they are managershttps://redmine.czechidm.com/issues/1146?journal_id=117422020-04-28T12:56:32ZVít Švanda
<ul><li><strong>Status</strong> changed from <i>Needs feedback</i> to <i>Resolved</i></li><li><strong>Assignee</strong> changed from <i>Vít Švanda</i> to <i>Radek Tomiška</i></li><li><strong>% Done</strong> changed from <i>90</i> to <i>100</i></li></ul><p>I did review and test. Works perfectly. Manager can change permission only for his contracts now. I appreciate implementatio of "addPermissions" feature. This prevent redundant request on the BE. Thanks for that.</p> IdStory Identity Manager - Feature #1146: Managers should change roles only for the contracts, for which they are managershttps://redmine.czechidm.com/issues/1146?journal_id=119612020-05-15T13:36:16ZRadek Tomiškaradek.tomiska@bcvsolutions.eu
<ul><li><strong>Status</strong> changed from <i>Resolved</i> to <i>Closed</i></li></ul> IdStory Identity Manager - Feature #1146: Managers should change roles only for the contracts, for which they are managershttps://redmine.czechidm.com/issues/1146?journal_id=161022021-09-01T10:18:06ZRadek Tomiškaradek.tomiska@bcvsolutions.eu
<ul><li><strong>Related to</strong> <i><a class="issue tracker-5 status-5 priority-1 priority-lowest prio-name-low closed" href="/issues/2926">Feature #2926</a>: Bulk action: Assign role to identity for contract managers and role guarantees</i> added</li></ul>