Project

General

Profile

Actions

Feature #1299

closed

SoD: Mutual incompatibility of roles in CzechIdM

Added by Vladimír Kotýnek about 6 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Radek Tomiška
Category:
Roles
Target version:
Start date:
10/08/2018
Due date:
% Done:

100%

Estimated time:
40.00 h
Owner:

Description

Old generation of CzechIdM had a feature of Role's incompatibility (https://blog.bcvsolutions.eu/neslucitelnost-roli/). The incompatibility means that you can define restrictions on roles A nad B that will forbid any user or process to assign those to roles together to the same user.
In new generation of CezchIdM we woud like to have a similar feature. However, due to our experiences from CzechIdM deployments on projects we want the incompatibility to be "soft". It means that CzechIdM will allow the user to have incompatible roles assigned to the identity, but an administrator/security manager will be notified about this incident. Security will also have tools to generate reports with users and their incompatible roles.
It would be nice if CzechIdM was able to show a warning sign to the user in role request form and in role request task if the requested role is incompatible with other assigned/requested roles of the identity.
Before the implementation itself begins a better feature specification should be made.


Files

identity-incompatible-role-report-20190116102527.xlsx (19.5 KB) identity-incompatible-role-report-20190116102527.xlsx Report with identities with assigned incompatible roles Radek Tomiška, 01/16/2019 11:44 AM

Related issues

Related to IdStory Identity Manager - Task #1469: SoD: improve report renderer - split columnsClosedRadek Tomiška01/23/2019

Actions
Actions

Also available in: Atom PDF