Permissions management

Description

The permissions management process type is used to define processes used to create, update and remove permissions and account to identities.

You can use the default template included on Soffid BPM Editor and custom it with your business needs. Also you can import a .pardef file with the process definition.

To that process workflow are defined 4 default steps.

Start
Approve
Apply changes
End

You could add new steps, delete steps, and custom steps to define your process workflow.

We will use two concepts to explain that process, identity and end-user. Identity will be the idententity or user that will be created, updated or deleted in Soffid Console. The end-user is referred to a user of Soffid that will request for processes using the self service portal.

Start

Process steps

~~That~~To isview the ~~start point~~detail of ~~the~~each ~~workflow. At that~~available step, you ~~could~~can ~~define~~visit the ~~fields~~Process ~~you want to show when the users will go to generate a task and the transitions available. Also you may define the permission request screen type.~~

Task details

~~On the Task detail tab, you may choose the permission request screen type. There are two available options~~

~~List of permissions~~: ~~&&TODO&& No me muestra ningun campo~~

~~Self service request~~:

Fields

Trigger

~~For more information visit the~~ ~~Triggers Tab page~~

Incoming transitions

~~For more information visit the~~ ~~Incoming transitions Tab page~~

Outgoing transitions

~~For more information visit the~~ ~~Outgoing transitions Tab page~~

Grant approval

~~That step type allows you to define the rules to create a new task to request~~ ~~&&TODO&&~~

Task detail

~~asdgadgf&&TODO&&~~

~~Task name~~~~: identified name for the task that will be created.~~

~~Permission request screen type~~~~: allows selecting the type of screen for permission request.~~

~~Actor(s) expression~~~~: write an expression to identify the actor depending on the requested role. One can use EL expressions based on role and application attributes. For instance: SOFFID_MANAGER/${primaryGroup}~~

~~Assignment script~~~~: alternatively, write a Beanshell script to return the actor depending on the process variables.For instance: return primaryGroup.attributes{"owner"};~~

~~Approve from email~~~~: checked it to allows you to send a mail for approval the task.~~

Incoming transitions

~~For more information visit the~~ ~~Incoming transitions Tab page~~

Outgoing transitions

~~For more information visit the~~ ~~Outgoing transitions Tab page~~

Apply changes

Task detail

~~&&TODO&&~~ ~~asdf~~

Incoming transitions

~~For more information visit the~~ ~~Incoming transitions Tab page~~

Outgoing transitions

~~For more information visit the~~ ~~Outgoing transitions Tab page~~

End

~~&&TODO&&~~

~~That is the last point of the workflow. When the workflow get that point, the workflow will be finished.~~

~~At this step you can configure the incoming transition by adding script Action. That step does not have task detail or outgoing transitions.~~

Incoming transitions

~~For more information visit the~~ ~~Incoming transitions Tab page~~

Outgoing transitions

~~For more information visit the~~ ~~Outgoing transitions Tab page~~

Other available steps

~~You can find other available~~management steps ~~to customize your business workflows. Visit that~~ ~~Other step types~~chapter. ~~chapter.~~

~~Detect duplicated user~~

~~Custom~~

~~Mail~~

~~Fork~~

~~Join~~

~~End~~

Attributes

On the Attributes tab is allowed creating custom attributes to be used to configure the workflow. The defined attributes will be used in the Steps tab to be mapped with the Soffid data.

There are customized templates depending on the Process Type selected, for the ~~Permission~~Process management type there are ~~three~~one ~~attributes~~attribute defined:

grants: allows you to select a information systems and assign or revoke permissions.

You can customize attributes to adapt the workflow to your business process. You can add new attributes, update or delete the default attributes. For each new attribute you need to indicate, at least, the code, the label and the data type.

Code: text used internally as an identifier by the system. Try to create a short one without spaces and with uppercase to separate words. That name will be available on the fields tab of the proper steps.

Label: name of the new attribute.

Date Type: allows you to select the object type of the attribute you are defining. The data types will be the types defined on Metadata. The data type inclucudes:
- Basic data: Boolean, String, ....
- Extended data: E-mal, Photo, ....
- Default Soffid objects: Users, Groups, ....
- Custom Soffid objects.

Multiple values: if you check it, the attribute will accept multiple values.

Size: allows you to determine the length of the field.

Values: allows you to define specific values for that attribute.

Actions

Process actions

Save	Allows you to save all changes included in the workflow. That workflow can be a new or an update workflow.
Save and Publish	Allows you to save the changes performed in the workflow setup and also publish the workflow to be used in Soffid. After this action, the last version of the workflow will be available for the end-user (with the proper permissions) in the Soffid Console and Self-service portal.
Cancel	Allows you to quit the process editor without saving changes. Soffid will ask you for confirmation to exit without saving updates

Attribute actions

*Add ~~https://es.wikipedia.org/wiki/Expression_Language~~attribute	Allows you to add a new attribute. When you click the button "Add attribute" Soffid will show the fields to fill in for the new attribute. It is mandatory fill in the code to save the process. The attributes updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.
Delete attribute	Allows you to delete a defined attribute. To delete an attribute you need to click the button with the subtraction symbol (-) located next to the label field. The attributes updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.
Add value	Allows you to add a new value to the attribute. To add a new value you need to click the button with the add symbol (+) located at the end of the "Values" label. The values updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.
Delete value	Allows you to delete a value to the attribute. To delete an attribute you need to click the subtraction symbol (-) located close to the value you want to delete. The values updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.