Skip to main content

Permissions management

Description

The permissions management process type is used to define processes used to create, update and remove permissions and account to identities.

You can use the default template included on Soffid BPM Editor and custom it with your business needs. Also you can import a .pardef file with the process definition.

To that process workflow are defined 4 default steps.

  • Start
  • Approve 
  • Apply changes
  • End

You could add new steps, delete steps, and custom steps to define your process workflow.

We will use two concepts to explain that process, identity and end-user. Identity will be the idententity or user that will be created, updated or deleted in Soffid Console. The end-user is referred to a user of Soffid that will request for processes using the self service portal.

Start

That is the start point of the workflow. At that step, you could define the fields you want to show when the users will go to generate a task and the transitions available. Also you may define the permission request screen type.

Task details

On the Task detail tab, you may choose the permission request screen type. There are two available options

  • List of permissions: &&TODO&& No me muestra ningun campo
  • Self service request

Fields

 

Trigger

For more information visit the Triggers Tab page

Incoming transitions

For more information visit the Incoming transitions Tab page

Outgoing transitions

For more information visit the Outgoing transitions Tab page

Grant approval

That step type allows you to define the rules to create a new task to request &&TODO&&

Task detail

asdgadgf&&TODO&&

  • Task name: identified name for the task that will be created.
  • Permission request screen type: allows selecting the type of screen for permission request.
  • Actor(s) expression: write an expression to identify the actor depending on the requested role. One can use EL expressions based on role and application attributes. For instance: SOFFID_MANAGER/${primaryGroup}
  • Assignment script: alternatively, write a Beanshell script to return the actor depending on the process variables.For instance: return primaryGroup.attributes{"owner"};
  • Approve from email: checked it to allows you to send a mail for approval the task.

Incoming transitions

For more information visit the Incoming transitions Tab page

Outgoing transitions

For more information visit the Outgoing transitions Tab page

Apply changes

Task detail

&&TODO&& asdf

Incoming transitions

For more information visit the Incoming transitions Tab page

Outgoing transitions

For more information visit the Outgoing transitions Tab page

End

&&TODO&&

That is the last point of the workflow. When the workflow get that point, the workflow will be finished.

At this step you can configure the incoming transition by adding script Action. That step does not have task detail or outgoing transitions.

Incoming transitions

For more information visit the Incoming transitions Tab page

Outgoing transitions

For more information visit the Outgoing transitions Tab page


Other available steps

You can find other available steps to customize your business workflows. Visit that Other step types chapter.

Attributes

On the Attributes tab is allowed creating custom attributes to be used to configure the workflow. The defined attributes will be used in the Steps tab to be mapped with the Soffid data.

There are customized templates depending on the Process Type selected, for the Permission management type there are three attributes defined:

  • grants: allows you to select a information systems and assign or revoke permissions.

You can customize attributes to adapt the workflow to your business process. 

Actions

Save

Allows you to save all changes included in the workflow. That workflow can be a new or an update workflow.

Save and Publish

Allows you to save the changes performed in the workflow setup and also publish the workflow to be used in Soffid. After this action, the last version of the workflow will be available for the end-user (with the proper permissions) in the Soffid Console and Self-service portal.

Cancel

Allows you to quit the process editor without saving changes. Soffid will ask you for confirmation to exit without saving updates


* https://es.wikipedia.org/wiki/Expression_Language