Roles
Description
Define the permission that determine what can and cannot do in a system. The main goal is achieve an optimal security administration.
When needed, generic roles can be created. When such a role is granted to any user, it is converted into a specific role by specifying an organization unit, information system or a specific value. So, for example, an generic emergency coordinator role can be created. The master emergency coordinator will have this role granted for the whole organization, while a remote office emergency coordinator will have this role granted for his single unit.
Search Types
You can search for groups created in the system by applying different ways of searching:
Quick
This option allows quick search by fields that have been defined in the application metadata.
Basic
This is the default option. It provides some default search criteria, but other criteria can be added from the add criteria option.
Each search criterion will have different search forms depending on the type of data in the particular field. For example, a text field provide four different options to search, "Contains", "Start with", "End with" and "Equals", a date field provide the date "Since" and date "Until".
Each criterion will be added to the previous ones.
Advanced
This option allows an advanced search system using the SCIM standard.
You can access to SCIM Chapter for more information
Screen overview
&&TODO&&
Related objects
Custom attributes
Role detail
- Name: rol name.
- Description: detailed role description.
- System: system from a technical point of view (active directory, database, ...).
- Category:
- Information system name: information asset to which the role is assigned.
- Domain: limitation of role scope to this domain.
- BPM enabled: enables "Role assignments" workflow.
Advanced function for workflow "Permissions Approval ": &&TODO&& Hay que definir mas adelante el Workflow y poner el link
- Approval start: at this date, Soffid will connect to the system and will assign the role. If there is no approval start, it will be assigned at the moment.
- Apploval end: at this date, Soffid will connect to the system and will revoke the role.
Granted roles
On the granted roles tab, you can assign the privileges of this role to another role in another system.
To assign privileges you must click the button with the add symbol (+), then select the target role, finish and apply changes. With this operation all the permissions of this will be assigned to the target role.
If you want to revoke permissions, you must select one or more records from the list and clicking the button with the subtraction symbol (-).
In addition, you can check the preview changes, it is shown information about the action, the user or account and the role or domain, and you can apply them.
Grantee roles
On the grantee roles tab, you can assign the privileges of a role of any other system to this role.
To assign privileges you must click the button with the add symbol (+), then select the source role, finish and apply changes. With this operation all the permissions of the source role will be assigned to this role.
If you want to revoke permissions, you must select one or more records from the list and clicking the button with the subtraction symbol (-).
In addition, you can check the preview changes, it is shown information about the action, the user or account and the role or domain, and you can apply them.
Grantee groups
On the grantee groups tab, you can assign the privileges from a specific group to this role from, or revoke the privileges.
To assign privileges you must click the button with the add symbol (+), then select the group, finish and apply changes. With this operation all the permissions of this group will be assigned to the role.
If you want to revoke permissions, you must select one or more records from the list and clicking the button with the subtraction symbol (-).
In addition, you can check the preview changes, it is shown information about the action, the user or account and the role or domain, and you can apply them.
Users
On the users tab, you can assign or revoke roles. To assign a role you must to click the button with the add symbol (+) and choose one or more users, fill the scope when it it mandatory, and set memebership properties. Each role needs an account to be applied to, so, if a user has no account on a system and a role on that system is granted, a new account will be created on this system. In case a user has more than one account on a system, you should indicate wich of the suitable accounts will be granted the role.
It is also possible to revoke roles to the user from the entitlement details or by selecting one or more records from the list and clicking the button with the subtraction symbol.
Additionally you can download a CSV file with the basic users data.
Actions
Roles query
| Query | Allows to query roles through different search systems, Quick, Basic and Advanced. |
| Add or remove columns | Allows to show and hide columns in the table. |
| Add new | Allows to create a new role. |
| Delete | Allows to delete roles. |
| Import | Allows to upload a csv file to add, update or delete roles. |
| Download CSV file | Allows to download a csv file with the basic roles data. |
Roles detail
| Apply changes | Allows to update the data information system. |
| Delete | Allows to delete an information system. |
| Preview changes | Shows the pending changes. |
| Apply preview changes | Allows to apply the pending changes. |
Granted roles
| Apply changes | Allows to update the data changes. |
| Add | Allows to add a new granted role. |
| Delete | Allows to delete one or more granted roles. |
| Preview changes | Shows the pending changes. |
| Apply preview changes | Allows to apply the pending changes. |
Grantee roles
| Apply changes | Allows to update the data changes. |
| Add | Allows to add a new grantee role. |
| Delete | Allows to delete one or more grantee roles. |
| Preview changes | Shows the pending changes. |
| Apply now (changes) | Allows to apply the pending changes. |
Grantee groups
| Apply changes | Allows to update the data changes. |
| Add | Allows to add new permissions from a group. |
| Delete | Allows to delete permissions from one or more groups. |
| Preview changes | Shows the pending changes. |
| Apply now (changes) | Allows to apply the pending changes. |
Users
| Add or remove columns | Allows to show and hide columns in the table. |
| Assign Role | Allows to assign a role to one or more users. |
| Revoke Role | Allows to revoke a role to one or more users. |
| Import | Allows to upload a CSV file with the información about users to assign or revoke that role. |
| Download CSV file | Allows to download a CSV file with all the information about user. |