
Roles

Description

Roles define the permissions that determine what a user can and cannot do in a system. The main goal is to achieve optimal security administration.

When needed, generic roles can be created. When such a role is granted to a user, it is converted into a specific role by specifying an organization unit, an information system or a specific value. For example, a generic emergency coordinator role can be created. The master emergency coordinator will have this role granted for the whole organization, while a remote office emergency coordinator will have this role granted only for their own unit.

Search Types

You can search for roles created in the system in different ways:

Quick

This option allows quick search by fields that have been defined in the application metadata.

Basic

This is the default option. It provides some default search criteria, but other criteria can be added from the add criteria option. 

Each search criterion has a different search form depending on the type of data in the field. For example, a text field provides four search options, "Contains", "Start with", "End with" and "Equals", while a date field provides a "Since" date and an "Until" date.

Each criterion will be added to the previous ones.

Advanced

This option provides an advanced search using the SCIM standard.

See the SCIM chapter for more information.
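The Basic search options listed above have direct counterparts among the SCIM filter operators (RFC 7644, section 3.4.2.2). The following is an added example, not Soffid code, that builds such a filter string from a list of criteria and escapes the values so they cannot alter the filter; the attribute names `name` and `system` are assumptions taken from the role fields on this page.

```python
import json
from datetime import datetime, timezone

# Basic-search option label -> SCIM filter operator (RFC 7644, 3.4.2.2).
OPERATORS = {
    "Contains": "co",
    "Start with": "sw",
    "End with": "ew",
    "Equals": "eq",
    "Since": "ge",
    "Until": "le",
}

def scim_value(value):
    """Render a comparison value as a quoted SCIM (JSON) literal."""
    if isinstance(value, datetime):
        # SCIM dateTime values are ISO 8601 strings; normalise to UTC.
        value = value.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    # json.dumps escapes quotes and backslashes, so a value typed by a user
    # cannot close the string early and append filter clauses of its own.
    return json.dumps(value)

def scim_filter(criteria):
    """criteria: list of (attribute, option label, value); joined with 'and',
    matching "each criterion will be added to the previous ones"."""
    clauses = []
    for attribute, option, value in criteria:
        # Accept only letters, digits and dots (sub-attribute paths).
        if not attribute.replace(".", "").isalnum():
            raise ValueError(f"unexpected attribute name: {attribute!r}")
        clauses.append(f"{attribute} {OPERATORS[option]} {scim_value(value)}")
    return " and ".join(clauses)

if __name__ == "__main__":
    # Constructed sample criteria.
    print(scim_filter([("name", "Start with", "ADMIN"),
                       ("system", "Equals", "soffid")]))
```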

Screen overview


  1. User
  2. Information System

Custom attributes

Role detail

  • Name: role name.
  • Description: detailed role description.
  • System: system from a technical point of view (active directory, database, ...).
  • Category:
  • Information system name: information asset to which the role is assigned.
  • Domain: limitation of role scope to this domain.
  • BPM enabled: enables "Role assignments" workflow.

Advanced function for the "Permissions Approval" workflow (TODO: the workflow has to be defined later and the link added here):

  • Approval start: at this date, Soffid will connect to the system and will assign the role. If there is no approval start, the role will be assigned immediately.
  • Approval end: at this date, Soffid will connect to the system and will revoke the role.

How can the approval start and end dates be specified?

Granted roles

On the granted roles tab, you can assign the privileges of a role of this system to another role in another system.

To assign privileges you must click the button with the add symbol (+), then select the group, finish and apply changes. With this operation all the permissions of this group will be assigned to the role.

If you want to revoke permissions, you must select one or more records from the list and click the button with the subtraction symbol (-).

In addition, you can check the preview of the changes, which shows information about the action, the user or account and the role or domain, and then apply them.

Grantee roles

On the grantee roles tab, you can assign the privileges of a role of any other system to a role from this system.

To assign privileges you must click the button with the add symbol (+), then select the group, finish and apply changes. With this operation all the permissions of this group will be assigned to the role.

If you want to revoke permissions, you must select one or more records from the list and click the button with the subtraction symbol (-).

In addition, you can check the preview of the changes, which shows information about the action, the user or account and the role or domain, and then apply them.

Grantee groups

On the grantee groups tab, you can assign the privileges of a specific group to a role from this system, or revoke the privileges.

To assign privileges you must click the button with the add symbol (+), then select the group, finish and apply changes. With this operation all the permissions of this group will be assigned to the role.

If you want to revoke permissions, you must select one or more records from the list and click the button with the subtraction symbol (-).

In addition, you can check the preview of the changes, which shows information about the action, the user or account and the role or domain, and then apply them.

Users

On the users tab, you can assign or revoke roles. To assign a role you must click the button with the add symbol (+), choose one or more users, fill in the scope when it is mandatory, and set the membership properties. Each role needs an account to be applied to, so if a user has no account on a system and a role on that system is granted, a new account will be created on this system. If a user has more than one account on a system, you should indicate which of the suitable accounts will be granted the role.

It is also possible to revoke roles from the user from the entitlement details, or by selecting one or more records from the list and clicking the button with the subtraction symbol.

Additionally, you can download a CSV file with the basic user data.
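Because roles can be reached through the Granted roles, Grantee roles, Grantee groups and Users tabs, a user's effective roles are wider than their direct assignments. The following is an added example for access reviews, not Soffid code: the `role@system` names, the sample data, and attaching scope and approval start/end to the user assignment are assumptions.

```python
from collections import deque
from datetime import date

# Constructed sample data; role names, systems and users are hypothetical.
ROLE_GRANTS = {            # holders of the key role also receive these roles
    "emergency-coordinator@soffid": {"door-override@badge-db"},
    "door-override@badge-db": {"local-admin@ad"},
}
GROUP_ROLES = {"facilities": {"door-override@badge-db"}}   # grantee groups
USER_GROUPS = {"alice": {"facilities"}, "bob": set()}
USER_ROLES = [  # (user, role, scope, approval start, approval end)
    ("bob", "emergency-coordinator@soffid", "remote-office",
     date(2024, 1, 1), date(2024, 6, 30)),
    ("carol", "emergency-coordinator@soffid", None, None, None),
]

def active(start, end, today):
    """No start: assigned immediately. On the end date the role is revoked."""
    return (start is None or start <= today) and (end is None or today < end)

def effective_roles(user, today):
    """Return {role: path}; path lists how the user reaches that role."""
    queue = deque()
    for who, role, scope, start, end in USER_ROLES:
        if who == user and active(start, end, today):
            origin = f"direct grant (scope: {scope or 'whole organization'})"
            queue.append((role, [origin]))
    for group in sorted(USER_GROUPS.get(user, ())):
        for role in sorted(GROUP_ROLES.get(group, ())):
            queue.append((role, [f"group {group}"]))
    found = {}
    while queue:
        role, path = queue.popleft()
        if role in found:      # already reached; also stops grant cycles
            continue
        found[role] = path
        for granted in sorted(ROLE_GRANTS.get(role, ())):
            queue.append((granted, path + [f"via {role}"]))
    return found

if __name__ == "__main__":
    for role, path in effective_roles("bob", date(2024, 3, 1)).items():
        print(role, "<-", " -> ".join(path))
```

Running it for `bob` shows that a single scoped assignment reaches a role on two further systems, which is the kind of indirect path a review of the grant tabs should look for.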

Actions

Roles query

  • Query: allows you to query roles through the different search types: Quick, Basic and Advanced.
  • Add or remove columns: allows you to show and hide columns in the table.
  • Add new: allows you to create a new role.
  • Delete: allows you to delete a role.
  • Import: allows you to upload a CSV file to add, update or delete roles.
  • Download CSV file: allows you to download a CSV file with the basic role data.

Roles detail

  • Apply changes: allows you to update the information system data.
  • Delete: allows you to delete an information system.
  • Preview changes
  • Apply preview changes
Granted roles

 

Grantee roles

 

Grantee groups 

 

Users
  • Add or remove columns: allows you to show and hide columns in the table.
  • Assign Role: allows you to assign a role to one or more users.
  • Revoke Role: allows you to revoke a role from one or more users.
  • Import: allows you to upload a CSV file with the information about users to assign or revoke that role.
  • Download CSV file: allows you to download a CSV file with all the information about users.