Information systems
Description
Information systems are the systems that Soffid will protect granting and revoking roles. Each role and entry point is bound to an information system.
The information system can be created hierarchically. These information systems are managed in a tree structure.
Soffid allows you to categorize the information systems to facilitate the management, the available categories are Application, Container and Business. That categories are for information purposes only.
The permission can be granted by using workflows. You can access to Workflows page for more information.
Screen overview
Related objects
- Users
- Roles
- BPM editor : roles and information system need to be BPM enabled to be menaged on worlkflows
Standard attributes
Basics
- Type: information system category.
- Parent:
- Name: short name to identify the information system.
- Qualified name: short name to identify the information system.
- Description: detailed description information system.
- Source: documentation.
- Owner: is the information owner, and has the capability to appoint security manager.
- Soruces: documentation.
- Binaries: documentation.
- Database: documentation.
- BPM enable: if enabled, permissions can be granted by using workflows.
- Notification emails: this list will be notified on a daily about grants and revokes performed.
- Approval process: allows you to select a Permissions management process. This process will be initiated when a role, in this information system, is assigned or revoked to a user. It is an advanced function for workflows. You can see an example of the Approval process.
- Role definition process: allows you to select a Role definition process. This process will be initiated when the definition of a role, in the information system, is updated. It is an advanced function for workflows. You can see an example of the Role definition process.
- Single role: if checked, the roles of this application are mutually exclusive: if a user has the role X and want to assign him the role Y, X will be removed to give him Y.
- Created on: creation date
- Created by: user who created the object
- Updated on: last updated date
- Updated by: last user who update the update
Image
Role scopes
Role scope or domains are properties that can be assigned to some entitlements, limiting the scope of that entitlement. This can be used to limit, for instance, the maximum amount allowed for a money transfer, or the commercial zones to manage.
On this tab, you can add new domains, you must click the button with the add symbol and fill the information about the new domain. You can also delete a domain or update the domain information.
Other operations allowed are to download a CSV file with the domain data and toOther operations allowed are to download a CSV file with the domain data and to upload a CSV file to add new domains, or update existed domains to add new domains, or update existing domains
Attributes:
- Domain / Value: name of the domain
- Description: descripton ot the domain
💻 Image
Roles
A role is a collection of permissions that determine what operations a user or a group of users can perform on that information system.
On the roles tab is allowed to create, update and delete roles. The effective privileges bound to each role are managed from each application.
To add a new role you must click the button with the "Add new" button and fill all the role data.
You can update a specific role by clicking on the right record, making and applying changes.
It is also possible to delete roles from the role details or by selecting one or more records from the list and clicking the "Delete" button.
Additionally you can can download a CSV file with the roles information and you can also also upload a CSV file to add new roles, or modify existing roles.
Attributes:
- Name: name used to identify the role.
- Description: detailed role description.
- System: agent of the target system owner of the role
- Category: category value of the role
- Information system: asset or application, from a functional point of view, on which the permissions are granted or revoked.
- Domain type: domian type of the role
- BPM enabled: when enabled the role can be managed on the workflows
- ExternalId: new attribute in Soffid 4 to keep a record of the unique identifier of the object in the final system (useful for synchronisation and renaming).
- Approval start: at this date, Soffid will connect to the system and will assign the role. If there is no approval start, it will be assigned at the moment.
- Approval end:
- Risk: risk related with SoD rules
- Created on: text
- Created by: text
- Updated on: text
- Updated by: text
💻 Image
Users
On the user's tab, Soffid displays all the user with granted roles for this information system.
It is allowed to download a CSV file with all the user data.
Attributes:
- Name: name of the account where the role is granted
- Full name: full name of the user owner of the account
- Group: primary group of the user
- Role: name used to identify the role.
- System: agent of the target system owner of the role
- Domain: domian type of the role
- Recertification: date of the last recertification
💻 Image
Effective users
Hierarchy of permissions assigned to or inherited from an account. If you visit the accounts page, you could see the roles on the Roles tab from a specific account.
Attributes:
- Name: name of the account where the role is granted
- Full name: full name of the user owner of the account
- Group: primary group of the user
- Role: name used to identify the role.
- System: agent of the target system owner of the role
- Domain: domian type of the role
- Recertification: date of the last recertification
💻 Image
Managers
On the tab Managers, Soffid displays the Roles with Domain equals to Information System and the proper authorization.
Here you can grant the role to one or more users. You can also assign the role to users on the Roles page or on the Users page. Users who have been assigned this role will be displayed in the Managers tab.
Be in mind, to query the information about the roles and users on the managers tab, it will be mandatory to give authorization to query applications, you must add the role to the authorization (application:query).
Attributes:
- Role / Managers: name of the role / managers with the role and domain granted
- Description: description of the role / full name of the user
💻 Image
** Role
** Authorization
Actions
Information system table actions
|
"Query buttons" |
Allows to query groups through different search systems, Quick, Basic and Advanced. |
| "Table filter" | It allows you to filter a column in the table based on the results loaded in it. |
|
Add new |
Allows to create a new information system. To add a new information system it will be mandatory to fill in the required fields |
|
Import |
Allows you to upload a CSV file with the information system list to add or update information systems to Soffid. First, you need to pick up a CSV file, that CSV has to contain a specific configuration. Then you need to check the content to be loaded, it is allowed to choose if you want or not load a specific attribute. And finally, you need to select the mappings for each column of the CSV file to import the data correctly and to click the Import button. |
|
Download CSV file |
Allows to download a csv file with the basic information of all information systems. |
|
Add child information system (+) |
Allows to add a child to a specific information system. You can choose that option below the father information system. To add a child it is necessary to fill in the required fields |
Information system detail actions
|
Apply changes (disk button) |
Allows you to save the data of a new information system or to update the data of a specific information system. To save the data it will be mandatory to fill in the required fields |
|
Delete system |
Allows you to remove a specific information system. To perform that action, Soffid will ask you for confirmation, you could confirm or cancel the operation. |
| Expand all | Displays all the attributes of the different blocks. |
| Collapse all | Hide all attributes of the different blocks. |
| "Types of views" | Change the view type: Classic view, Modern view, Compact design. |
|
Undo |
Allows you to quit without applying any changes. |
|
Apply changes |
Allows you to save the data of a new information system or to update the data of a specific information system. To save the data it will be mandatory to fill in the required fields |
Role scopes actions
|
Add new |
Allows you to add a new domain to limit the scope. You can choose that option on the hamburger menu or clicking the add button (+). To add a new domain it will be mandatory to fill in the required fields |
|
Import |
Allows you to upload a CSV file with the domain list to add or update domains to Soffid. First, you need to pick up a CSV file, that CSV has to contain a specific configuration. Then you need to check the content to be loaded, it is allowed to choose if you want or not to load a specific attribute. And finally, you need to select the mappings for each column of the CSV file to import the data correctly and to click the Import button. |
|
Download CSV file |
Allows you to download a CSV file with all the information about domains. |
|
Add domain value (+) |
Allows you to add a domain value to a domain type (second node of the tree) |
Roles actions
|
Add new |
Allows you to create a new role for that information system. You can choose that option on the hamburger menu or clicking the add button (+). To add a new role it will be mandatory to fill in the required fields |
|
Delete |
Allows you to delete one by one or to delete some roles at the same time from an information system . To delete some roles at the same time, you need to select the roles, and then click the button with the subtraction symbol (-). To delete one role, you can click the users, and then Soffid will show a form with the details. Then you can click the delete button (trash icon). Soffid will ask you for confirmation to perform that action, you could confirm or cancel the operation. |
|
Import |
Allows you to upload a CSV file with the roles list to add to the information system. First, you need to pick up a CSV file, that CSV has to contain a specific configuration. Then you need to check the content to be loaded, it is allowed to choose if you want or not to load a specific attribute. And finally, you need to select the mappings for each column of the CSV file to import the data correctly and to click the Import button. |
|
Download CSV file |
Allows to download a csv file with the basic role data |
| View |
Allows you to add or remove columns to the table. It is also possible to change the order of the columns. |
| Bulk actions |
Allows massive operations to be performed on all roles selected. |
In addition for each role you can perform the specific operations defined on the Role page
Users actions
|
Import |
Allows you to upload a CSV file with the users list to add to the roles to be granted. First, you need to pick up a CSV file, that CSV has to contain a specific configuration. Then you need to check the content to be loaded, it is allowed to choose if you want or not to load a specific attribute. And finally, you need to select the mappings for each column of the CSV file to import the data correctly and to click the Import button. |
|
Download CSV file |
Allows to download a CSV file with all the information about users. |
EffecdtUsers actions
|
Download CSV file |
Allows to download a CSV file with all the information about users. |
Example
Approval process Example
1. Assign a role a to a User: this role belong to an information system with an Approval process configured.
💻 Image
Information system definition
💻 Image
Assign a role a to an user
2. A task to approve o reject is created
💻 Image
Role definition process example
1. Update a role definition.This role belong to an information system with an Approval process configured.
💻 Image
Assign a role a to an user
💻 Image
1) This assignation is pending to approve
2) This deletion is pending to approve
2. A task to approve o reject is created
Image
