Skip to main content

Permissions management

Description

The permissions management process type is used to define processes used to create, update and remove permissions and account to identities.

You can use the default template included on Soffid BPM Editor and custom it with your business needs. Also you can import a .pardef file with the process definition.

To that process workflow are defined 4 default steps.

  • Start
  • Grant approval
  • Apply changes
  • End

You could add new steps, delete steps, and custom steps to define your process workflow.

We will use two concepts to explain that process, identity and end-user. Identity will be the identity or user that will be created, updated or deleted in Soffid Console. The end-user is referred to a user of Soffid that will request for processes using the self service portal.

Process editor

  • Process name: identifier name of the workflow. This name will be used to label the workflow for the end-user.
  • Process type:  to use this BPM editor you need to select Permissions management.
  • Description: brief description of the workflow. When an end-user starts a workflow, this text will be displayed into the Actions log tab.
  • Initiators: here you could configure the roles or the identities that could start a new workflow from the Console and Selfservice. E.g. "admin" identity, "SOFFID_ADMIN" role, both separated by comma ',' as "admin, SOFFID_ADMIN" or if you want to publish the workflow to everyone, you can use the text "tothom" or the character '*' .  The users who are initiators will be able to request that process from their self-service portal.
  • Managers: here you could configure the roles or the identities that could perform tasks in the workflow as approve permissions or cancel the workflow.
  • Observers: here you could configure the roles or the identities that could open the workflows in read-only mode.

Process steps

To view the detail of each available step, you can visit the Process management steps chapter.

Attributes

On the Attributes tab is allowed creating custom attributes to be used to configure the workflow. The defined attributes will be used in the Steps tab to be mapped with the Soffid data.

There are customized templates depending on the Process Type selected, for the Process management type there are one attribute defined:

  • grants: allows you to select a information systems and assign or revoke permissions.

    You can customize attributes to adapt the workflow to your business process. You can add new attributes, update or delete the default attributes. For each new attribute you need to indicate, at least, the code, the label and the data type.

    Actions

    Process actions

    Save

    Allows you to save all changes included in the workflow. That workflow can be a new or an update workflow.

    Save and Publish

    Allows you to save the changes performed in the workflow setup and also publish the workflow to be used in Soffid. After this action, the last version of the workflow will be available for the end-user (with the proper permissions) in the Soffid Console and Self-service portal.

    Cancel

    Allows you to quit the process editor without saving changes. Soffid will ask you for confirmation to exit without saving updates

    Attribute actions

    Add attribute

    Allows you to add a new attribute. When you click the button "Add attribute" Soffid will show the fields to fill in for the new attribute. It is mandatory fill in the code to save the process.

    The attributes updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.

    Delete attribute

    Allows you to delete a defined attribute. To delete an attribute you need to click the button with the subtraction symbol (-)  located next to the label field. The attributes updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.

    Add value

    Allows you to add a new value to the attribute. To add a new value you need to click the button with the add symbol (+) located at the end of the "Values" label.

    The values updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.

    Delete value

    Allows you to delete a value to the attribute. To delete an attribute you need to click the subtraction symbol (-) located close to the value you want to delete.

    The values updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.

     

    Back to top