
CzechIdM 9.7.0 - Rhyolite

The main enhancement in Rhyolite is support for the recertification module (the module itself is not part of the product and will be available for installation separately). A status on systems was added to the request for permission change. Audit log search has also been improved, with changes now bound by a transaction identifier.

Status of systems on request for permission change

The role request has a status item that identifies whether the request has already been executed. The Executed state in this case means that the request has been approved and the changes have been executed in IdM. This state only reflects the state in IdM.

This status does not cover a situation where some of the assigned roles create an account on a system. In this case, it may be important for the user to know the exact time the account was successfully created. Alternatively, if there is an error on the system, it is good to know this information in the role request itself.

The system state meets these requirements: it represents how the implementation of the request on systems has ended.


You can find more about this feature here.

User transaction

A user transaction is started when an operation is executed by a REST controller or by a scheduled task. Each user transaction (~operation) has a unique identifier, and all entities modified in this user transaction have this transaction identifier persisted in the transactionId attribute.

This attribute can be used for filtering, e.g. in the audit for entities and entity events.


You can find more about this feature here.

Recertification module

The role recertification module approves assigned user roles again.

When a user has had a lot of roles assigned for a long time, we want to check these assigned roles periodically (in a half-year interval, for security reasons) to see whether some assigned role has to be removed. Currently valid, manually and directly assigned roles are checked: only manual roles can be assigned and stay assigned after the user is changed in some way (e.g. the user's contract is excluded, or the work position was changed).

This module itself is not part of the product and will be available for installation separately.



All new features in this version:

All defects fixed in this version: