CzechIdM 9.7.0 - Rhyolite

The main enhancement in Rhyolite is support for the recertification module (the module itself is not part of the product and will be available for installation separately). The request for permission change now also shows its status on systems. Audit log search has been improved as well: changes are now bound by a transaction identifier.

The role request has a status item that identifies whether the request has already been executed. The Executed state in this case means that the request has been approved and the changes have been executed in IdM. This state only reflects the state in IdM.

This status does not cover a situation where some of the assigned roles create an account on a system. In this case, it may be important for the user to know the exact time the account was successfully created. Alternatively, if there is an error on the system, it is good to know this information in the role request itself.

These requirements are addressed by the system state, which represents how the implementation of the request on systems has ended.

You can find more about this feature here.

A user transaction is started when an operation is executed by a REST controller or by a scheduled task. Each user transaction (~operation) has a unique identifier, and all entities modified in this user transaction have this transaction identifier persisted in the transactionId attribute.

This attribute can be used for filtering, e.g. in the audit for entities and entity events.

You can find more about this feature here.

The role recertification module approves assigned user roles again.

When a user has had a lot of roles assigned for a long time, we want to check these assigned roles periodically (in a half-year interval, for security reasons) to see whether some assigned role should already be removed. Currently valid, manually and directly assigned roles are checked - only manual roles can be assigned and stay assigned after the user is changed in some way (e.g. the user's contract is excluded or the work position was changed).

This module itself is not part of the product and will be available for installation separately.

  • #1736 - State of request on systems (+ propagation to the VS)
  • #1692 - Move table of role-concepts from FE to BE
  • #1708 - Audit: fill transaction id
  • #1393 - Filter empty provisioning attempts in archive
  • #1756 - Add filtering by system state to role-request table
  • #1721 - Skip of merged values (if contract is excluded)
  • #1755 - Create tests for filter workflow process definition
  • #1246 - Run tests for MSSQL and Postgres on jenkins
  • #1556 - ACM - on delete the system mapping
  • #1532 - FE: change label for the filter used in copying assigned roles modal and use role info with business roles
  • #1740 - Assign the default role for all contracts during synchronization
  • #1647 - Provisioning: create LRT for delete old provisioning archive
  • #1722 - LRT: prevent to load LRT's counters in each toDto conversion.
  • #1668 - Entity event queue - create LRT for remove executed events.
  • #1651 - Add filter by environment on detail role-request (modal)
  • #1649 - Incompatible roles - check performance
  • #1655 - Enable synchronization for the system marked as inactive with provisioning queue
  • #1716 - FE: LRT for automatic roles - add localization and form support
  • #1654 - Execute provisioning on change other-position
  • #1693 - Show in provisioning archive when was the provisioning request created
  • #1664 - Update behavior with empty code for tree node and add sample generator
  • #1691 - Implementation of "thin" entity
  • #1653 - Permissions for provisioning-operation and archive
  • #1715 - FE: show role environment configuration property
  • #1659 - Request to change roles - deleted parameter value is not displayed
  • #1658 - Request to change roles - Changing the parameter value doesn't start provisioning
  • #1718 - FE: LRT for synchronization - add localization and form support
  • #1650 - Refreshing of identity-role table should refresh tab with requests too
  • #1738 - Report Eav attribute
  • #1661 - EAV update event should have "High" priority
  • #1707 - Split role column on role request detail into name, code and environment (+sortable)
  • #1611 - Remove workflow history created by synchronization
  • #1753 - Upgrade wf for synchronization of groups from Ldap
  • #1696 - Optimistic lock exception - add localized message
  • #1733 - Update ModelMapper
  • #1612 - Add failed retry provisioning attempts into archive.
  • #1731 - Support automatic role by code list EAV
  • #1697 - New filter on copy role from a user modal window
  • #1603 - Upgrade version AD connector
  • #1735 - Gulp install make a loop on windows
  • #1680 - Icons in IE for tree components is overflow
  • #1648 - Code of node should be not mandatory on FE (code can be generated)
  • #1652 - Add code to the role table (select by identity)
  • #1714 - FE: configuration info component
  • #1763 - EAV: add indexes to form definition code and form attribute code.
  • #1700 - Optimisation of manual contract end
  • #1744 - Add entity type to label in the form definition selectbox
  • #1675 - Improve GUI texting in Copy role from a user modal window
  • #1702 - Hide button "Add" on identity detail - authorize roles
  • #1724 - Filtering and labeling of excluded users
  • #1678 - EAV form: support enumeration as face type
  • #1704 - Horizontal scroll bar in a copy roles from user modal window
  • #1646 - Provisioning: support showing complex type values in provisioning operation detail (and archive)
  • #1117 - Identity detail - add shortcut to disable / enable identity manually
  • #1481 - Some executed entity events aren't removed
  • #1643 - Copy user roles is slow
  • #1752 - Dependency hell - frontend doesn't work
  • #1673 - Provisioning break removing from cache throw null pointer
  • #1765 - DeleteExecutedEventTaskExecutor causes OutOfMemory
  • #1656 - Null pointer in deduplication with valid till
  • #1674 - FE: RoleInfo component overflow in IE
  • #1725 - Copy of identity roles - removes attribute values from source identity
  • #1672 - Disable notification template by provisioning break is get from warning notification.
  • #376 - Search of IdmTreeNode by eav attribute is failing
  • #1710 - Pagination in automatic role by attribute skip contracts
  • #1727 - Failed event during manual contract end with automatic roles
  • #1726 - FE: create user - password is not generated
  • #1684 - Loading not disappear on password change
  • #1703 - cannot see "running" checkbox on synchronisation list agenda
  • #1667 - Executed by in Audit is filled with "[SYSTEM]"
  • #1609 - Face type isn't show in attribute definition
  • #1663 - Automatic role rule displays "Value" instead of attribute name
  • #1701 - Entity Event: add localization for bad uuid value used in filter.
  • #1537 - Upload profile picture from IE or Edge not working
  • #1593 - AddNewAutomaticRoleTaskExecutor run before IdmRoleTreeNodeDto was saved
  • #1695 - Automatic roles by assignedRoles
  • #471 - Malformed progress bar
  • #1657 - Add access permission for system agenda on policies
  • #1662 - Newly created business role doesn't display subroles
  • #1644 - Show validation error during create role with parameters
  • #1699 - Empty role request is created when trying to add non-existent role
  • #1709 - Select box Behavior of the default roles shouldn't be active for newly set synchronization
  • #1750 - I can see "Save" button without permission to update
  • #1248 - Event audit - close running parent event, when child event fails