Table of Contents

Change roles request

A user or an authorized administrator can change users’ roles via so-called Change roles request. The request can be accessed via detail of the user for whom the change is requested. In the tab Role, there is a form displaying:

 Current roles list

Create a new request

Then, there is the button Manage authorizations which is used to run the process Change roles request. After clicking on the button, the empty request is open.  Role change request - user summary

There, new roles are inserted using the button Add.

The following boxes can be filled in a new role selection window:

The role selection is confirmed by clicking the button Set. Roles can be added to one request in the described way repeatedly, if different jobs or validities need to be set for different roles, for example.  Add roles to request

Assigning of a role can be edited by clicking on the orange square with the pencil symbol (the same form as for adding, see below). Automatic roles cannot be removed or their validity configured, they are assigned/removed automatically. Roles from the selection are removed by clicking on the red cross in the line with the role.

 Role change request - roles summary

After the form has been filled in, it is necessary to click the button Submit a request, which sends the form to be realized in the process Change role request. If the form is closed using the button Back (next to the button Submit a request), the form is saved as a concept.

The process of change permissions request continues with approval. The individual steps of approval are dealt with in Role approval chapter of this guide. The changes are applied to the user only after the approval in the last step and a notification is sent, which contains a list of all the changes.

When the request has been created, the current list of roles which the user requests and their approval status can be seen in the user’s detail → Role.

Sending notifications

The notification about the request status is sent when the request is resolved. The recipient is the user for whom the roles are to be changed.

There are two possible recipients at the moment

In Settings→Configuration the recipient can be changed.

By clicking on green button Add we add variable 'idm.sec.core.wf.notification.applicant.enabled' as a key and true/false as a value. Same we can do with variable 'idm.sec.core.wf.notification.requester.enabled'.