Task #1636
closed
Redesign business roles assignment
100%
Description
Redesign business roles assignment - compute all business roles, when role request is created and add business (sub) roles as standard role concepts:
- Add new column to role concept (+ change script)
- Add role request to LRTs, which assigns and removes assigned roles.
- When business role is configured (add + remove sub role), then currently assigned roles are updated by actual role composition.
- cache can be used for get all superior and sub roles by single role (forest index cannot be used for compositions)
Related issues
Updated by Radek Tomiška almost 5 years ago
- Related to Task #1633: Add role request to automatic roles by tree structures added
Updated by Radek Tomiška almost 5 years ago
- Status changed from New to In Progress
- Target version set to Quartz (9.6.0)
Updated by Radek Tomiška almost 5 years ago
- Status changed from In Progress to New
- Target version changed from Quartz (9.6.0) to Rhyolite (9.7.0)
- Estimated time set to 24.00 h
It's needed to add new colums into role concept - direct role, role composition. It not make a sense to request roles by composition by user directly, but we need this columns to be available to add role request to this tasks (~by system).
Updated by Ondřej Kopr almost 5 years ago
- Related to Feature #1632: Add role request to automatic roles by attribute added
Updated by Radek Tomiška almost 5 years ago
- Status changed from New to In Progress
Updated by Vít Švanda almost 5 years ago
- Target version deleted (
Rhyolite (9.7.0))
Updated by Radek Tomiška over 4 years ago
- Status changed from In Progress to New
Updated by Radek Tomiška over 3 years ago
- Subject changed from Add role request to define role composition LRTs to Redesign business roles assignment
- Description updated (diff)
- Priority changed from Normal to High
Updated by Radek Tomiška over 3 years ago
- Related to Defect #2415: Business roles has subroles with mapped system and merge attribute. When you delete for example 2 subroles, one of them still remain on the end system added
Updated by Radek Tomiška over 3 years ago
- Status changed from New to In Progress
- Target version set to 10.6.0
Updated by Radek Tomiška over 3 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Radek Tomiška to Vít Švanda
- % Done changed from 0 to 90
Business role are processed by role request now - it was a last place, where assigned role was saved directly. Role request is the only supported way, how to assign role to identity - saving assigned role directly is deprecated now (but supported for compatibility reason - will be removed in future releases).
Commit:
https://github.com/bcvsolutions/CzechIdMng/commit/977c36d952b9f12c44be4d7980df41275c2feb25
Could you provide me a feedback, please?
Updated by Radek Tomiška over 3 years ago
- Related to Feature #1365: Business default role in synchronization creates 2 links added
Updated by Vít Švanda over 3 years ago
- Status changed from Needs feedback to Resolved
- Assignee changed from Vít Švanda to Radek Tomiška
- % Done changed from 90 to 100
I did review and tested it. I am glad you had the courage for doing this redesign. This is big moment for IdM, because all assigned roles are controlled only via requests. Thanks for that.
Note: Newly added columns do not support delete integrity. I suppose the goal for that is performance.
Updated by Radek Tomiška over 3 years ago
- Status changed from Resolved to Closed
Updated by Radek Tomiška over 3 years ago
- Related to Defect #1538: Business role: Show cyclic role in tree, removing business sub role from business role definition, remove account from sub role added
Updated by Radek Tomiška over 3 years ago
- Related to Defect #2605: Automatic role by attribute generates duplicate role requests and assignes subroles directly added
Updated by Vít Švanda about 3 years ago
- Related to Defect #2722: Rejecting of a request for a business role assignes all it's sub roles directly added