Information systems

Description

Information systems are the systems that Soffid protects by granting and revoking roles. Each role and entry point is bound to an information system.

Information systems can be created hierarchically and are managed in a tree structure.

Soffid allows you to categorize information systems to facilitate their management. The available categories are Application, Container and Business. These categories are for information purposes only.

Permissions can be granted by using workflows. See the Workflows page for more information.

Screen overview

    • Users: users belong to one or more groups
    • Roles: roles granted to a user
    • BPM editor: roles and information systems need to be BPM enabled to be managed in workflows

Standard attributes

Basics

  • Type: information system category.
  • Parent: parent within the hierarchy.
  • Name: short name to identify the information system.
  • Qualified name: short name to identify the information system.
  • Description: detailed description of the information system.
  • Source: documentation.
  • Owner: is the information owner, and has the capability to appoint security manager.
  • ExecutableSources: documentation.
  • Binaries: documentation.
  • Database: documentation.
  • Owner name: documentation.
  • BPM enable: if enabled, permissions can be granted by using workflows.
  • Notification emails: this list will be notified on a daily basis about the grants and revokes performed.
  • Approval process: allows you to select a Permissions management process. This process will be initiated when a role in this information system is assigned to or revoked from a user. It is an advanced function for workflows. You can see an example of the Approval process.
  • Role definition process: allows you to select a Role definition process. This process will be initiated when the definition of a role in the information system is updated. It is an advanced function for workflows. You can see an example of the Role definition process.
  • Single role: if checked, the roles of this application are mutually exclusive: if a user has role X and is assigned role Y, X will be removed in order to grant Y.
  • Created on: creation date
  • Created by: user who created the object
  • Updated on: last updated date
  • Updated by: last user who updated the object

Role scopes

Role scopes, or domains, are properties that can be assigned to some entitlements, limiting the scope of that entitlement. This can be used to limit, for instance, the maximum amount allowed for a money transfer, or the commercial zones to manage.

On this tab you can add new domains: click the button with the add symbol and fill in the information about the new domain. You can also delete a domain or update the domain information.

Other operations allowed are to download a CSV file with the domain data and to upload a CSV file to add new domains or update existing domains.

Attributes:

  • Domain / Value: name of the domain
  • Description: description of the domain

Roles

A role is a collection of permissions that determine what operations a user or a group of users can perform on that information system.

On the Roles tab you can create, update and delete roles. The effective privileges bound to each role are managed from each application.

To add a new role, click the "Add new" (+) button and fill in all the role data.

You can update a specific role by clicking on the corresponding record, making the changes and applying them.

It is also possible to delete roles from the role details or by selecting one or more records from the list and clicking the "Delete" (-) button.

Additionally you can download a CSV file with the roles information and you can also upload a CSV file to add new roles, or modify existing roles.

Attributes:

  • Name: name used to identify the role.
  • Description: detailed role description.
  • System: agent of the target system owner of the role
  • Category: category value of the role
  • Information system: asset or application, from a functional point of view, on which the permissions are granted or revoked.
  • Domain type: domain type of the role
  • BPM enabled: when enabled the role can be managed on the workflows
  • ExternalId: new attribute in Soffid 4 to keep a record of the unique identifier of the object in the final system (useful for synchronisation and renaming).
  • Approval start: at this date, Soffid will connect to the system and will assign the role. If there is no approval start, it will be assigned at the moment.
  • Approval end: at this date, Soffid will connect to the system and will revoke the role.
  • Risk: risk related with SoD rules
  • Created on: text
  • Created by: text
  • Updated on: text
  • Updated by: text

Users

On the Users tab, Soffid displays all the users with granted roles for this information system.

You can download a CSV file with all the user data.

Attributes:

  • Name: name of the account where the role is granted
  • Full name: full name of the user owner of the account
  • Group: primary group of the user
  • Role: name used to identify the role.
  • System: agent of the target system owner of the role
  • Domain: domain type of the role
  • Recertification: date of the last recertification
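
An added example, not part of the Soffid documentation or product code: a review script over a Users tab CSV export that flags grants whose Recertification date is missing or older than a threshold and, for an information system marked Single role, accounts that hold more than one role. The column headers (taken from the attribute names above), the ISO date format and the sample rows are assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample, not real Soffid output. Column names follow the Users tab
# attributes; the header spelling and the ISO date format are assumptions.
SAMPLE_EXPORT = """Name,Full name,Group,Role,System,Domain,Recertification
jsmith,John Smith,finance,SAP_PAYMENTS,sap,,2024-01-10
jsmith,John Smith,finance,SAP_APPROVER,sap,,2024-01-10
mlopez,Maria Lopez,sales,SAP_VIEWER,sap,EMEA,2022-03-01
akhan,Amir Khan,it,SAP_ADMIN,sap,,
"""

def audit_grants(csv_text, today, max_age_days=365, single_role=False):
    """Return (stale, multi_role) findings for one information system export.

    stale: (account, role) pairs never recertified, or recertified more than
           max_age_days before today.
    multi_role: accounts holding several roles although the information
           system is flagged "Single role" (roles should be mutually exclusive).
    """
    cutoff = today - timedelta(days=max_age_days)
    stale, roles_by_account = [], defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        account, role = row["Name"].strip(), row["Role"].strip()
        roles_by_account[account].add(role)
        raw = (row.get("Recertification") or "").strip()
        try:
            recertified = date.fromisoformat(raw) if raw else None
        except ValueError:
            recertified = None  # an unparseable date counts as never recertified
        if recertified is None or recertified < cutoff:
            stale.append((account, role))
    multi_role = {}
    if single_role:
        multi_role = {a: sorted(r) for a, r in roles_by_account.items() if len(r) > 1}
    return stale, multi_role

if __name__ == "__main__":
    stale, multi = audit_grants(SAMPLE_EXPORT, date(2024, 6, 1), single_role=True)
    print("stale recertification:", stale)
    print("single-role violations:", multi)
```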

Effective users

Hierarchy of permissions assigned to or inherited from an account. If you visit the Accounts page, you can see the roles of a specific account on its Roles tab.

Attributes:

  • Name: name of the account where the role is granted
  • Full name: full name of the user owner of the account
  • Group: primary group of the user
  • Role: name used to identify the role.
  • System: agent of the target system owner of the role
  • Domain: domain type of the role
  • Recertification: date of the last recertification

Managers

On the Managers tab, Soffid displays the roles with Domain equal to Information System and the proper authorization.

Here you can grant the role to one or more users. You can also assign the role to users on the Roles page or on the Users page. Users who have been assigned this role will be displayed in the Managers tab.

Bear in mind that, to query the information about the roles and users on the Managers tab, the authorization to query applications is mandatory: you must add the role to the authorization (application:query).

Attributes:

  • Role / Managers: name of the role / managers with the role and domain granted
  • Description: description of the role / full name of the user

Actions

Information system table actions

"Query buttons"

Allows you to query groups through different search systems: Quick, Basic and Advanced.

"Table filter"

Allows you to filter a column in the table based on the results loaded in it.

Add new

Allows you to create a new information system. You can choose that option on the hamburger menu or by clicking the add button (+).

To add a new information system, you must fill in the required fields.

Add child information system

Allows you to add a child to a specific information system. You can choose that option below the parent information system.

To add a child, you must fill in the required fields.

Import

Allows you to upload a CSV file with the information system list to add or update information systems to Soffid.

First, you need to pick a CSV file; that CSV has to contain a specific configuration. Then you need to check the content to be loaded; you can choose whether or not to load a specific attribute. Finally, you need to select the mappings for each column of the CSV file to import the data correctly, and click the Import button.

Download CSV file

Allows you to download a CSV file with the basic information of all information systems.

Information system detail actions

Apply changes (disk button)

Allows you to save the data of a new information system or to update the data of a specific information system. To save the data, you must fill in the required fields.

Delete system

Allows you to remove a specific information system. To perform that action, Soffid will ask you for confirmation; you can confirm or cancel the operation.

Expand all

Displays all the attributes of the different blocks.

Collapse all

Hides all the attributes of the different blocks.

"Types of views"

Changes the view type: Classic view, Modern view, Compact design.

Undo

Allows you to quit without applying any changes.

Role scopes actions

Add new

Allows you to add a new domain to limit the scope. You can choose that option on the hamburger menu or by clicking the add button (+).

To add a new domain, you must fill in the required fields.

Import

Allows you to upload a CSV file with the domain list to add or update domains to Soffid.

First, you need to pick a CSV file; that CSV has to contain a specific configuration. Then you need to check the content to be loaded; you can choose whether or not to load a specific attribute. Finally, you need to select the mappings for each column of the CSV file to import the data correctly, and click the Import button.

Download CSV file

Allows you to download a CSV file with all the information about domains. 

Add domain value (+)

Allows you to add a domain value into a domain type (second node of the tree).

Roles actions

Add new

Allows you to create a new role for that information system. You can choose that option on the hamburger menu or by clicking the add button (+).

To add a new role, you must fill in the required fields.

Delete

Allows you to delete roles from an information system, either one by one or several at the same time.

To delete several roles at the same time, you need to select the roles and then click the button with the subtraction symbol (-).

To delete one role, you can click the users, and then Soffid will show a form with the details. Then you can click the delete button (trash icon).

Soffid will ask you for confirmation to perform that action; you can confirm or cancel the operation.

Import

Allows you to upload a CSV file with the roles list to add to the information system.

First, you need to pick a CSV file; that CSV has to contain a specific configuration. Then you need to check the content to be loaded; you can choose whether or not to load a specific attribute. Finally, you need to select the mappings for each column of the CSV file to import the data correctly, and click the Import button.

Download CSV file

Allows you to download a CSV file with the basic role data.

View

Allows you to add or remove columns to the table.

It is also possible to change the order of the columns.

Bulk actions

Allows bulk operations to be performed on all the selected roles. First, select the records that you want to update; once you have selected them, choose the bulk action on the "three points" icon. For more information visit the Bulk action page.

In addition, for each role you can perform the specific operations defined on the Role page.

Users actions

Import

Allows you to upload a CSV file with the users list to add to the roles to be granted.

First, you need to pick a CSV file; that CSV has to contain a specific configuration. Then you need to check the content to be loaded; you can choose whether or not to load a specific attribute. Finally, you need to select the mappings for each column of the CSV file to import the data correctly, and click the Import button.

Download CSV file

Allows you to download a CSV file with all the information about users.

Effective users actions

Download CSV file

Allows you to download a CSV file with all the information about users.

Example

Approval process Example

1. Assign a role to a user: this role belongs to an information system with an Approval process configured.

Image: Information system definition

Image: Assign a role to a user

2. A task to approve or reject is created.

Role definition process example

1. Update a role definition. This role belongs to an information system with an Approval process configured.

Image: Assign a role to a user

1) This assignment is pending approval

2) This deletion is pending approval

2. A task to approve or reject is created.