Skip to main content
Skip table of contents

Copy Role Assignment Widget

Definition

The Copy Role Assignment Widget allows to copy Role Assignments from one Identity to another.

This Widget is divided into 3 parts in order to:

  • search the source Identity (the one who has the Role Assignments)

  • search for Role Assignments to be copied

  • assign Role Assignments to the target Identity

Tips

To access the Copy Role Assignment Widget, you must configure the Widget on a Feature with an object kind set to IDENTITY.

To optimize the widget use, the best ways are to configure it in a dedicated Feature of type UI_FOR_OBJECT or in a Widget To Open.

Use

Description

Examples

Search source Identity: a form allows to customize the search for the source Identity. Only searchable Attributes can be configured in this part.

If the requesting user is not allowed to see an attribute (the confidentiality of the attribute is greater than the confidentiality allowed for the user), the attribute will not be searchable and will not be displayed in the result columns.

A consistent list is displayed and the user can select one Identity by clicking on the corresponding line.

Control

  • If an Identity Constraint is configured on the Role Type, a no-entry sign is displayed next to the identites that match the constraint.

  • If SoD rules applies to the selected roles, a warn symbole is displayed next to the roles that match the constraint.

    • Depending on the SoD type (WARN or FORBID), the role can be selected or not

    • When clicking on the warn symbole, a pop up is displayed with information about the concerned SoD rule(s).

Translations

The label "Select source identity" can be configured with this I18N key: "tenant.ui.component.copy-role-assignment.select-identity.label"

On selection, the user is automatically redirected to the "Search Role Assignments" step.

Search Role Assignments: a form allows to customize the search for the Role Assignments on the previously selected Identity.

If the requesting user is not allowed to see an attribute (the confidentiality of the attribute is greater than the confidentiality allowed for the user), the attribute will not be searchable and will not be displayed in the result columns.

Display & Navigation

A Back button allows the user to return to the previous step.

Translations

The label "Select role assignments" can be configured with this I18N key: "tenant.ui.component.copy-role-assignment.select-assignments.label

Click on the Continue button to access the following step."

In the specific case of roles concerned by a SoD rule, after the click on the button a pop-up is displayed reminding the user of the SOD rules that are being applied.

For each rule, the user has the option to deselect one or several of the affected role.

  • In WARN mode, it is possible to continue with the assignment by bypassing the SOD rule.

  • In FORBID role, it is mandatory to act on the selection to resolve the conflict and then proceed with the assignment.

Assign Roles: this part allows to assign a copy of the selected Role Assignments to the target Identity (corresponding to the feature object id).

If several Role Assignments have been selected, each Assignment is displayed in a dedicated frame.

Display & Navigation

A Back button allows the user to return to the previous step.

Translations

The label "Assign roles" can be configured with this I18N key: "tenant.ui.component.copy-role-assignment.assign-roles.label".

Each dimension can be translated with these I18N keys:

  • ui.model.dimensions.<dimensionId>.name (in this case, all dimensions with the same id will be translated on all roles using it).

  • ui.model.roles.<roleId>.dimensions.<dimensionId>.name (in this case, only the dimension on a specific role will be translated).

Click on Assign button to assign the Role Assignments with their custom dimension values to the target Identity.

A notification is displayed to indicate that the operation is done.

Cart icon

  • The cart button is disabled if the cart is empty.

  • When a user chooses assignment(s) by clicking on checkboxes next to it, the cart icon will be updated with the number of selected Role(s).

  • The user can click on the "cart icon" button to display the selected Role Assignment(s).

  • The user can modify the selected Role Assignments in the cart by clicking on the checkboxes and validate by clicking on the "Apply changes" button.

Validity dates

Validity dates can be:

  • optional if no rule is configured on it.

  • mandatory, pre-filled and/or subjected to validation if any rules have been configured on the concerned Role Type. An asterisk is displayed next to the field and a message is displayed below the validity date in orange and italic.

You cannot choose validity dates before today's date.
The validity dates have an impact on the Role Assignment.

When you add an end date, the Role will be removed from the Identity one day after the chosen date.

The real date of deletion of the Role is visible when the mouse hovers over the end date on the Role dashboard.

The goal is to delete the Role at the end of the last authorized day.

Start date

End date

Status

Impact

Not valued

Not valued

ASSIGNED

The Role is assigned directly.

Not valued

Valued (in the future)

ASSIGNED

The Role is assigned directly.

The Role will be deleted when:

  • the end date will have passed.

  • the "RoleAssignmentsActivation" job must be executed.

Valued (in the future)

Not valued

DELAYED

The Role is not assigned because the start date has not passed.

The Role will be assigned when:

  • the start date will have passed.

  • the "RoleAssignmentsActivation" job must be executed.

The Role will never be deleted.

Valued (in the future)

Valued (in the future)

DELAYED

The Role is not assigned because the start date has not passed.

The Role will be assigned when:

  • the start date will have passed.

  • the "RoleAssignmentsActivation" job must be executed.

The Role will be deleted when:

  • the end date will have passed.

  • the "RoleAssignmentsActivation" job must be executed.

Comment

The Comment is mandatory when assigning a Role to several Identities.

Configuration

Properties

Property name

Type

Mandatory

Description

Values (default value in bold)

bordered

Boolean

NO

Allows to display a border around the Widget.

true, false

title

Boolean

NO

Allows to define a title and a subtitle.

Title and subtitle are defined in the following i18n keys:

  • tenant.ui.component.copy-role-assignment.title.label

  • tenant.ui.component.copy-role-assignment.subtitle.label

true, false

identityOptions

Object

YES

Contains all options related to the selection of the source Identity

PropertyTypeDescriptionscopeObjectAllows to limit the search results.searchObject

Same configuration as for a SearchWidget.

<allowExport> tag is not applicable for this Widget.

assignmentOptions

Object

YES

Contains all options related to the selection of the Role Assignments

Assignment properties

Properties name

Type

Mandatory

Description

Values (default value in bold)

scope

Dynamic Simple Scope

NO

Allows to limit the search results.

Default Scope

status='ASSIGNED' AND source='MANUAL'

-

search

Object

NO

Same configuration as for a SearchWidget

<rowClickActions>, <actions> and <allowExport> tags are not applicable for this Widget

-

fields

List<FieldEditorWidget>

NO

Allows you to configure field editors to be displayed (see Field Editors)

These fields will be accessible when evaluating Role Request Policies and in workflows

-

fields Properties

Properties name

Type

Mandatory

Description

Values (default value in bold)

field

FieldEditorWidget

NO

Allows you to configure field editors to be displayed (see Field Editors)

These fields will be accessible when evaluating Role Request Policies and in workflows

-

Example

Copy Role Assignment Widget Example
XML 
<widgetToOpen id="copy-role-widget" xsi:type="ctdbum:CopyRoleAssignmentWidgetType">
	<hidden>false</hidden>
	<displayOptions>
		<modalSize>LG</modalSize>
	</displayOptions>
	<config>
		<bordered>false</bordered>
		<title>false</title>
		<assignmentOptions>
			<scope type="EXPRESSION">
				<searchExpression>
					<search:And>
						<search:Prop op="EQUALS" name="status">
							<value script="false">ASSIGNED</value>
						</search:Prop>
						<search:Prop op="EQUALS" name="source">
							<value script="false">MANUAL</value>
						</search:Prop>
					</search:And>
				</searchExpression>
			</scope>
			<fields>
                <field id="fieldTargetId">
                    <hidden>false</hidden>
                    <config>
                        <editor>
                            <editWidget xsi:type="ctdbum:TextInputEditWidgetType">
                                <hidden>false</hidden>
                                <config>
                                    <required>true</required>
                                    <type>text</type>
                                </config>
                            </editWidget>
                        </editor>
                        <label></label>
                        <lockedInUi>false</lockedInUi>
                        <mode>READ_WRITE</mode>
                        <multiValued>false</multiValued>
                    </config>
                    <fieldId>fieldTargetId</fieldId>
                </field>
            </fields>
			<search>
				<actions/>
				<allowExport>false</allowExport>
				<columns>
					<column>
						<attribute>true</attribute>
						<dataKey>role</dataKey>
						<dataType>string</dataType>
						<dateFormat>DAY_MONTH_YEAR_SHORT</dateFormat>
						<ellipsis>true</ellipsis>
						<hidden>false</hidden>
						<sortAs>ALPHA</sortAs>
						<sortDirection>ASC</sortDirection>
						<sortable>false</sortable>
						<sorted>false</sorted>
						<type>excerpt</type>
					</column>
					<column>
						<attribute>true</attribute>
						<dataKey>_details</dataKey>
						<dataType>string</dataType>
						<dateFormat>DAY_MONTH_YEAR_SHORT</dateFormat>
						<ellipsis>true</ellipsis>
						<hidden>false</hidden>
						<sortAs>ALPHA</sortAs>
						<sortDirection>ASC</sortDirection>
						<sortable>false</sortable>
						<sorted>false</sorted>
						<type>role_assignment_details</type>
					</column>
					<column>
						<attribute>true</attribute>
						<dataKey>enabledFrom</dataKey>
						<dataType>string</dataType>
						<dateFormat>DAY_MONTH_YEAR_SHORT</dateFormat>
						<ellipsis>true</ellipsis>
						<hidden>false</hidden>
						<sortAs>ALPHA</sortAs>
						<sortDirection>ASC</sortDirection>
						<sortable>true</sortable>
						<sorted>false</sorted>
						<type>date</type>
					</column>
					<column>
						<attribute>true</attribute>
						<dataKey>enabledUntil</dataKey>
						<dataType>string</dataType>
						<dateFormat>DAY_MONTH_YEAR_SHORT</dateFormat>
						<ellipsis>true</ellipsis>
						<hidden>false</hidden>
						<sortAs>ALPHA</sortAs>
						<sortDirection>ASC</sortDirection>
						<sortable>true</sortable>
						<sorted>false</sorted>
						<type>date</type>
					</column>
				</columns>
				<rowClickActions/>
				<additionalSearchAttributes/>
				<displayFrozenOperators>true</displayFrozenOperators>
				<frozen>NO</frozen>
				<modes>
					<mode>SIMPLE</mode>
					<mode>MULTICRITERIA</mode>
				</modes>
				<objectReferences>
					<objectReference>
						<attribute>role</attribute>
					</objectReference>
				</objectReferences>
			</search>
		</assignmentOptions>
		<identityOptions>
			<scope type="EXPRESSION" objectKind="IDENTITY">
				<searchExpression/>
				<objectTypes>
					<objectType>test_identityType_employee</objectType>
				</objectTypes>
			</scope>
			<search>
				<actions>
					<action id="identitySearch" xsi:type="ctdbum:ButtonWidgetType">
						<hidden>false</hidden>
						<config>
							<align>RIGHT</align>
							<authenticationLevelSufficient>false</authenticationLevelSufficient>
							<borderless>false</borderless>
							<circle>true</circle>
							<color>default</color>
							<icon>fa fa-paper-plane</icon>
							<label>true</label>
							<link>feature://test_user-card-read/{dataKey.id}</link>
							<linkTarget>NEW_TAB</linkTarget>
							<outline>false</outline>
							<size>SM</size>
						</config>
					</action>
				</actions>
				<allowExport>false</allowExport>
				<columns>
					<column>
						<attribute>true</attribute>
						<dataKey>id</dataKey>
						<dataType>string</dataType>
						<dateFormat>DAY_MONTH_YEAR_LONG</dateFormat>
						<ellipsis>false</ellipsis>
						<hidden>false</hidden>
						<sortAs>ALPHA</sortAs>
						<sortDirection>ASC</sortDirection>
						<sortable>true</sortable>
						<sorted>false</sorted>
						<type>general</type>
					</column>
					<column>
						<attribute>true</attribute>
						<dataKey>firstName</dataKey>
						<dataType>string</dataType>
						<dateFormat>DAY_MONTH_YEAR_LONG</dateFormat>
						<ellipsis>false</ellipsis>
						<hidden>false</hidden>
						<sortAs>ALPHA</sortAs>
						<sortDirection>ASC</sortDirection>
						<sortable>true</sortable>
						<sorted>false</sorted>
						<type>general</type>
					</column>
					<column>
						<attribute>true</attribute>
						<dataKey>lastName</dataKey>
						<dataType>string</dataType>
						<dateFormat>DAY_MONTH_YEAR_LONG</dateFormat>
						<ellipsis>false</ellipsis>
						<hidden>true</hidden>
						<sortAs>ALPHA</sortAs>
						<sortDirection>ASC</sortDirection>
						<sortable>true</sortable>
						<sorted>false</sorted>
						<type>general</type>
					</column>
					<column>
						<attribute>true</attribute>
						<dataKey>test_manager</dataKey>
						<dataType>string</dataType>
						<dateFormat>DAY_MONTH_YEAR_LONG</dateFormat>
						<ellipsis>false</ellipsis>
						<hidden>false</hidden>
						<sortAs>ALPHA</sortAs>
						<sortDirection>ASC</sortDirection>
						<sortable>true</sortable>
						<sorted>false</sorted>
						<type>excerpt</type>
					</column>
				</columns>
				<rowClickActions/>
				<additionalSearchAttributes/>
				<displayFrozenOperators>true</displayFrozenOperators>
				<frozen>NO</frozen>
				<modes>
					<mode>SIMPLE</mode>
					<mode>MULTICRITERIA</mode>
				</modes>
				<objectReferences>
					<objectReference>
						<attribute>test_manager</attribute>
						<editWidget xsi:type="ctdbum:AdvancedObjectReferenceEditWidgetType">
							<hidden>false</hidden>
							<config>
								<required>false</required>
								<popupAttributes/>
								<search>
									<actions/>
									<allowExport>false</allowExport>
									<columns>
										<column>
											<attribute>true</attribute>
											<dataKey>id</dataKey>
											<dataType>string</dataType>
											<dateFormat>DAY_MONTH_YEAR_LONG</dateFormat>
											<ellipsis>false</ellipsis>
											<hidden>false</hidden>
											<sortAs>ALPHA</sortAs>
											<sortDirection>ASC</sortDirection>
											<sortable>false</sortable>
											<sorted>false</sorted>
											<type>general</type>
										</column>
										<column>
											<attribute>true</attribute>
											<dataKey>firstName</dataKey>
											<dataType>string</dataType>
											<dateFormat>DAY_MONTH_YEAR_LONG</dateFormat>
											<ellipsis>false</ellipsis>
											<hidden>false</hidden>
											<sortAs>ALPHA</sortAs>
											<sortDirection>ASC</sortDirection>
											<sortable>true</sortable>
											<sorted>false</sorted>
											<type>general</type>
										</column>
										<column>
											<attribute>true</attribute>
											<dataKey>lastName</dataKey>
											<dataType>string</dataType>
											<dateFormat>DAY_MONTH_YEAR_LONG</dateFormat>
											<ellipsis>false</ellipsis>
											<hidden>false</hidden>
											<sortAs>ALPHA</sortAs>
											<sortDirection>ASC</sortDirection>
											<sortable>true</sortable>
											<sorted>false</sorted>
											<type>general</type>
										</column>
									</columns>
									<rowClickActions/>
									<additionalSearchAttributes/>
									<displayFrozenOperators>true</displayFrozenOperators>
									<frozen>NO</frozen>
									<modes>
										<mode>SIMPLE</mode>
										<mode>MULTICRITERIA</mode>
									</modes>
									<objectReferences/>
								</search>
								<displayPopup>true</displayPopup>
							</config>
						</editWidget>
					</objectReference>
				</objectReferences>
			</search>
		</identityOptions>
	</config>
</widgetToOpen>

Read Next

Right Bindings Widgets — Allows to edit and display Rights bound to Roles.
Role Bindings Widgets — Allows to edit and display Roles bound to Super Roles.
Role Assignment Widget — Allows to assign one ore several Roles to an Identity
Role Assignment Policies Widget — Allows to configure and manage one or several Role Assignment Policies in order to assign Roles to several Identities.
Role Dashboard Widget — Allows to display Role Assignments on an Identity and perform actions on Role Assignments (validity date, values of dimensions, update, revoke).
Role Dimensions Widgets — Allows to edit and display Dimensions on Roles.
Role Request Widget — Allows to manage the Role form on the Workflow user task.
Bulk Role Assignment Widget — Allows to assign one Role to several Identities.
Copy Role Assignment Widget — The Copy Role Assignment Widget allows to copy Role Assignments from one Identity to another.
Role History Widget — Allows to display Role Assignments history for an identity using point in time and search expressions.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close