Skip to main content

Information systems

Description

Information systems are the systems that Soffid will protect granting and revoking roles. Each role and entry point is bound to an information system.

The information system can be created hierarchically. These information systems are managed in a tree structure. 

Soffid allows you to categorize the information systems to facilitate the management, the available categories are Application, Container and Business. That categories are for information purposes only.

The permission can be granted by using workflows.  You can access to Workflows page for more information.

Screen overview

image.png

  1. Users
  2. Role
  3. Accounts

Custom attributes

Basics

  • Type: information system category.
  • Parent: parent within the hierarchy.
  • Name: short name to identify the information system.
  • Description: detailed description information system.
  • Source: documentation.
  • Owner: is the information owner, and has the capability to appoint security manager.
  • Executable: documentation.
  • Database: documentation.
  • Owner name: documentation.
  • BPM enable: if enabled, permissions can be granted by using workflows.
  • Notification emails: this list will be notified on a daily about grants and revokes performed.
  • Approval process: allows you to select a Permissions management process. This process will be initiated when a role, in this information system, is assigned or revoked to a user. It is an advanced function for workflows. You can see an example of the Approval process.
  • Role definition process: allows you to select a Role definition process. This process will be initiated when the definition of a role, in the information system, is updated. It is an advanced function for workflows.  You can see an example of the Role definition process.
  • Single role: if checked, the roles of this application are mutually exclusive: if a user has the role X and want to assign him the role Y, X will be removed to give him Y.

Role Scopes (Domain)

Role scope or domains are properties that can be assigned to some entitlements, limiting the scope of that entitlement. This can be used to limit, for instance, the maximum amount allowed for a money transfer, or the commercial zones to manage.

On this tab, you can add new domains, you must click the button with the add symbol and fill the information about the new domain. You can also delete a domain or update the domain information.

Other operations allowed are to download a CSV file with the domain data and toOther operations allowed are to download a CSV file with the domain data and to upload a CSV file to add new domains, or update existed domains to add new domains, or update existing domains

💻 Image

image-1720692425389.png

Roles

A role is a collection of permissions that determine what operations a user or a group of users can perform on that information system.

On the roles tab is allowed to create, update and delete roles. The effective privileges bound to each role are managed from each application.

To add a new role you must click the button with the add symbol (+) and fill all the role data.

You can update a specific role by clicking on the right record, making and applying changes.

It is also possible to delete roles from the role details or by selecting one or more records from the list and clicking the button with the subtraction symbol (-). 

Additionally you can download a CSV file with the roles information and you can also upload a CSV file to add new roles, or modify existing roles.

💻 Image

image.png

Users

On the user's tab, Soffid displays all the user with granted roles for this information system.

It is allowed to download a CSV file with all the user data.

💻 Image

image.png

Effective users

Hierarchy of permissions assigned to or inherited from an account.  If you visit the accounts page, you could see the roles on the Roles tab from a specific account.

💻 Image

image-1720693286875.png

Managers

On the tab Managers, Soffid displays the Roles with Domain equals to Information System and the proper authorization.

Here you can grant the role to one or more users. You can also assign the role to users on the Roles page or on the Users page. Users who have been assigned this role will be displayed in the Managers tab.

Be in mind, to query the information about the roles and users on the managers tab, it will be mandatory to give authorization to query applications, you must add the role to the authorization (application:query).

💻 Image

 image.png

 ** Role

image.png

 

** Authorization

image.png

Actions

Information system query

Query

Allows to query groups through different search systems, Quick, Basic and Advanced.

Add or remove columns

Allows to show and hide columns in the table.

Add new

Allows to create a new information system. You can choose that option on the hamburger menu or clicking the add button (+).

To add a new information system it will be mandatory to fill in the required fields

Add child information system

Allows to add a child to a specific information system. You can choose that option below the father information system.

To add a child it is necessary to fill in the required fields

Import

Allows you to upload a CSV file with the information system list to add or update information systems to Soffid.

First, you need to pick up a CSV file, that CSV has to contain a specific configuration. Then you need to check the content to be loaded, it is allowed to choose if you want or not load a specific attribute. And finally, you need to select the mappings for each column of the CSV file to import the data correctly and to click the Import button.

Download CSV file

Allows to download a csv file with the basic information of all information systems. 

Information system detail actions

Apply changes

Allows you to save the data of a new information system or to update the data of a specific information system. To save the data it will be mandatory to fill in the required fields

Delete

Allows you to remove a specific information system. To perform that action, Soffid will ask you for confirmation, you could confirm or cancel the operation.

Undo

Allows you to quit without applying any changes.

Role scopes actions

Add domain

Allows you to add a new domain to limit the scope. You can choose that option on the hamburger menu or clicking the add button (+).

To add a new domain it will be mandatory to fill in the required fields

Import

Allows you to upload a CSV file with the domain list to add or update domains to Soffid.

First, you need to pick up a CSV file, that CSV has to contain a specific configuration. Then you need to check the content to be loaded, it is allowed to choose if you want or not to load a specific attribute. And finally, you need to select the mappings for each column of the CSV file to import the data correctly and to click the Import button.

Download CSV file

Allows you to download a CSV file with all the information about domains. 

Roles actions

Add or remove columns

Allows you to show and hide columns in the table.

Add new

Allows you to create a new role for that information system. You can choose that option on the hamburger menu or clicking the add button (+).

To add a new role it will be mandatory to fill in the required fields

Delete

Allows you to delete one by one or to delete some roles at the same time from an information system .  

To delete some roles at the same time, you need to select the roles, and then click the button with the subtraction symbol (-). 

To delete one role, you can click the users, and then Soffid will show a form with the details. Then you can click the delete button (trash icon). 

Soffid will ask you for confirmation to perform that action, you could confirm or cancel the operation. 

Import

Allows you to upload a CSV file with the roles list to add to the information system.

First, you need to pick up a CSV file, that CSV has to contain a specific configuration. Then you need to check the content to be loaded, it is allowed to choose if you want or not to load a specific attribute. And finally, you need to select the mappings for each column of the CSV file to import the data correctly and to click the Import button.

Download CSV file

Allows to download a csv file with the basic role data

In addition for each role you can perform the specific operations defined on the Role page

Users actions

Download CSV file

Allows to download a CSV file with all the information about users. 

Example

Approval process Example

1. Assign a role a to a User: this role belong to an information system with an Approval process configured. 

💻 Image

Information system definition

image.png

💻 Image

Assign a role a to an user

image.png

2. A task to approve o reject is created

💻 Image

image.png

Role definition process example

1. Update a role definition.This role belong to an information system with an Approval process configured. 

💻 Image

Assign a role a to an user

image.png

💻 Image

image.png

1) This assignation is pending to approve

2) This deletion is pending to approve

2. A task to approve o reject is created

image.png