9.4 - Opal

Version Opal brings the attributes for assigned roles, new agenda of codelists, new dashboard, SoD (incompatibility of roles) and many of small improvements and fixies (all important changes are in the changelog).

In some cases, it is necessary for the user to add additional information when requesting a role. Such information can be, for example, the IP address of the destination station, For each role, it is now possible to define a set of attributes that may be filled / edited to request permission changes.

More about this feature you can find here.

Segregation of Duties (SoD) can be defined by incompatible roles. The incompatibility means that you can define restrictions on roles A nad B that will forbid any user or process to assign those to roles together to the same user. Incompatibility is realized as soft. It means if some roles are incompatible, then only warning is show and additional approval process is executed too.

More about this feature you can find here.

Code list can be defined and used on frontend forms → defines options for the select box (e.g. used on role detail for the environment attribute). Code lists items could have additional extended attributes. Code list works as decorator only.

More about this feature you can find here.

This is new component for copy of assigned roles from another user in the request for change of permissions. If you want to have same roles as another user, this is the easiest way how make request for it.

Extended attributes from this version supports advanced validations, such as a unique and regular expression. These validations are also supported in role's attributes.

More about this feature you can find here.

• #1377 - Parameterization of assigned roles
• #1414 - Role subdefinition for assigned role attributes
• #1291 - Recalculate contract slices after synchronization of slices, before HR processes
• #1299 - SoD: Mutual incompatibility of roles in CzechIdM
• #1391 - Copy roles between users
• #1438 - Validators for EAV attributes
• #1375 - Agenda of codelists
• #1386 - Entity event queue - support remove running events
• #1464 - Recalculation of time slices - temporary removed automatic roles
• #1378 - UX - Dashboard
• #1460 - SoD: Create default approval process
• #1369 - FE: Tree component - multi select, usage for role composition (business roles)
• #1405 - Modify Workflow sync Ldap groups
• #1443 - Add column with role-attribute values (on ConceptRole and IdentityRole table)
• #1406 - Generate default eav values for role concepts and role identity
• #1495 - Provision attachment from eav
• #1372 - Allow download result from bulk action
• #1468 - FE: Key group icon usage on copy identity roles
• #1471 - Authoritative merge - make check value independent on order
• #1458 - FE: Dashboard and identity roles
• #1497 - New toDto method with filter for dto services
• #1050 - Shorttext as default
• #1268 - Improve the AD group synchronization workflow
• #1474 - EAV form: disable change of attribute's persistent type and confidential
• #1437 - SelectBox component - use embedded data
• #1469 - SoD: improve report renderer - split columns
• #1389 - Check box "Throw only NOTIFY event" doesn't say what it does
• #1467 - FE: Dashboard - hide dashboards without data
• #1466 - FE: remove default filter on identity table for active identities
• #1480 - Improve role request detail
• #1484 - Add filter for directly added roles in feature copy roles from identity
• #1140 - Form definition - add module attribute
• #1402 - Read only contract detail is not fully readOnly
• #1411 - Newly started IdM has null in generators cache
• #1085 - Display the contract in the tasks of the role request
• #1428 - Change version forked AD connector
• #1490 - Download and show attachment from eav

• #1388 - Password is not sent when retrying Create operation
• #1441 - Synchronize same structure to more organization structures will not create nodes in the other ones.
• #1431 - Asynchronous provisioning and ProvisioningQueueTaskExecutor doesn't execute provisioning operation
• #1472 - Disabled Attribute with password was provisioned
• #1392 - Audit can't be viewed after retrying a password change or account create
• #1496 - Entity event queue - check original event source for skiping duplicate events
• #1491 - Recalculate automatic roles while identity state was changed
• #1455 - Contract slice - valid till (on previous slice) is not deleted
• #1423 - FE: Dashboard - identity contracts
• #1395 - Fix last expired contract by specific identity
• #1489 - Slice - protection interval - problem when contract is not interrupted
• #1407 - Control of personal attributes in password policy doesn't work
• #1396 - Last value from multivalued EAV cannot be removed
• #1429 - Reset filter on identity role agenda
• #1412 - Identity contract expiration lrt throws Exception
• #1473 - Manually deleted contract slice causes failure of reconcilation
• #1430 - Contract with highest "valid from" is returned as prime contract
• #1483 - Role attributes - missing integrity check on delete of attribute definition
• #1465 - Server error when sorting Links to accounts
• #1436 - Script IsRoleInCatalogue fails
• #1394 - Create automatic role by manager doesn't set recursion type
• #1399 - Automatic roles are removed when the contract primary position is changed
• #1440 - Filter for identities by tree node recursively doesn't count with tree type
• #1434 - Non-responsive Entity field and magnifying glass (Missing method getHelpBlockLabel for attribute enums)
• #1397 - Cannot set char value to IdMFormValueDto
• #1456 - Endless loading on system entity detail
• #1439 - Missing tooltip localization for add roles by user
• #1452 - Cannot set idmKey in attribute mapping for tree