Process of role change request approval is managed by CzechIdM standard approval workflow. The workflow can be configured.
Enabling or disabling approval rounds of standard approval workflow (as well as the definitions of role names for the individual approving rounds) can be configured in the configurational file application.properties or by an explicit entry in the tab Settings → Configuration:
Who approves the role change request in each round is configured by following properties:
Value of each property is the name of the role of which the holders approve the role change request in appropriate step. e.g idm.sec.core.wf.approval.security.role = Security says that users having role Security assigned approve the role request process in step designated to security department.
Standard role approval process takes into account also role criticality. Each role can have its priority set in its definition. In application configuration there can be defined, who approves which criticality level by properties of the form idm.sec.core.wf.role.approval<1-5>. The value of each property is the name of the workflow which approves the given criticality level.
The basic workflow names are: approve-role-by-guarantee (approved by the guarantee of the role), approve-role-by-manager (approved by the manager of the user for whom the role is requested).
Defaults: