Skip to main content
Skip table of contents

Role Assignment Widget

Definition

The Role Assignment Widget allows to assign one ore several Roles to an Identity.

This Widget is divided into two parts in order to:

  • search for Roles

  • assign Role(s) to an Identity

Tips

To access the Role Assignment Widget, you must configure the Widget on a Feature with an object kind set to IDENTITY.

To optimize the widget use, the best ways are to configure it in a dedicated Feature of type UI_FOR_OBJECT or in Widget To Open (avoid search Feature).

When a Role Assignment Widget is displayed and an excerpt is configured (for the type of the Object Reference displayed) the excerpt is displayed as configured; otherwise the ID of the Object is displayed.

Use

Description

Examples

Search part : a search form allows to customize how the user will be able to search for Roles.
Only searchable Attributes can be configured in this part.

A consistent list is displayed and the user can select Roles by clicking on the checkboxes next to each line.

A cart icon is displayed with a consistent list of selected Roles.

Click on the "Continue" button to access the assign part.

The label "Select roles" can be configured with this I18N key: "tenant.ui.component.role-assignment.select-roles.label"

If the requesting user is not allowed too see an attribute (the confidentiality of the attribute is greater than the confidentiality allowed for the user), the attribute will not be searchable and will not be displayed in the result colums.

If an Identity Constraint is configured on the Role Type, a no-entry sign is displayed next to the roles that match the constraint.

Assign part : this part allows to assign the selected Role(s) to the Identity.

If several Roles have been selected, each Role is displayed in a dedicated frame.

A "Back" button allows the user to return to the search part.

Click on "Assign" button to validate the assignment of Roles to the Identity.
A green pop-up is displayed to indicate that Roles are assigned.

The label "Assign roles" can be configured with this I18N key: "tenant.ui.component.role-assignment.assign-roles.label"

Each dimension can be translated with these I18N keys:

  • ui.model.dimensions.<dimensionId>.name (in this case, all dimensions with the same id will be translated on all roles using it).

  • ui.model.roles.<roleId>.dimensions.<dimensionId>.name (in this case, only the dimension on a specific role will be translated).

The role identifier can be translated in the role assignment box with this I18N key:
"ui.model.roleType."id of the role type".excerpt".

Cart icon

  • The cart button is disabled if the cart is empty.

  • When a user chooses role(s) by clicking on checkboxes next to it, the cart icon will be updated with the number of selected Role(s).

  • The user can click on the "cart icon" button to display the selected Role(s).

  • The user can modify the selected Roles in the cart by clicking on the checkboxes and validate by clicking on the "Apply changes" button.

Validity dates

Validity dates can be:

  • optional if no rule is configured on it.

  • mandatory, pre-filled and/or subjected to validation if any rules have been configured on the concerned Role Type. An asterisk is displayed next to the field and a message is displayed below the validity date in orange and italic.

You cannot choose validity dates before today's date.
The validity dates have an impact on the Role Assignment.

When you adding an end date, the Role will be removed from the Identity one day after the chosen date.

The real date of deletion of the Role is visible when the mouse passes over the end date on the Role dashboard.

The goal is to delete the Role at the end of the last authorized day.

Start date

End date

Status

Impact

Not valued

Not valued

ASSIGNED

The Role is assigned directly.

Not valued

Valued (in the future)

ASSIGNED

The Role is assigned directly.

The Role will be deleted when:

  • the end date will have passed.

  • the "RoleAssignmentsActivation" job must be executed.

Valued (in the future)

Not valued

DELAYED

The Role is not assigned because the start date has not passed.

The Role will be assigned when:

  • the start date will have passed.

  • the "RoleAssignmentsActivation" job must be executed.

The Role will never be deleted.

Valued (in the future)

Valued (in the future)

DELAYED

The Role is not assigned because the start date has not passed.

The Role will be assigned when:

  • the start date will have passed.

  • the "RoleAssignmentsActivation" job must be executed.

The Role will be deleted when:

  • the end date will have passed

  • the "RoleAssignmentsActivation" job must be executed.

Comment

Comment can be:

  • optional if no rule is configured on it.

  • mandatory or subjected to validation if any rules have been configured on the concerned Role Type.

    • If the comment is mandatory, the field is displayed under the validity date and an asterisk is displayed too.

    • If the comment may become mandatory based on a condition, a comment icon is displayed and a pop-up opens. The comment icon becomes:

      • green when the comment has been added and if the comment respected an optional configured rule.

      • red when the comment does not respect the configured rule.

Configuration

Properties

Property name

Type

Mandatory

Description

Values (default value in blod)

bordered

Boolean

NO

Allows to display a border around the Widget.

true, false

title

Boolean

NO

Allows to define a title and a subtitle.

Title and subtitle are defined in the following i18n keys:

  • tenant.features.role-assignment.title.label

  • tenant.features.role-assignment.subtitle.label

true, false

assignment

Object

NO

Allows to configure the assignment properties

-

scope

Dynamic Object Scope

YES

Allows to limit the search results.

-

search

-

YES

Same configuration as for a SearchWidget.

<rowClickActions> and <allowExport> tags are not applicable for this Widget.

-

Assignment Properties

Properties name

Type

Mandatory

Description

Values (default value in bold)

fields

List<FieldEditorWidget>

NO

Allows you to configure field editors to be displayed (see Field Editors)

These fields will be accessible when evaluating Role Request Policies and in workflows

-

Example

Role Assignment Widget Example
XML 
<columns>
    <column>
        <widgets>
            <widget id="roleAssignment" xsi:type="ctdbum:RoleAssignmentWidgetType">
                <hidden>false</hidden>
                <config>
                    <bordered>false</bordered>
                    <title>true</title>
                    <assignment>
                      <fields>
                          <field id="fieldTargetId">
                              <hidden>false</hidden>
                              <config>
                                  <editor>
                                      <editWidget xsi:type="ctdbum:TextInputEditWidgetType">
                                          <hidden>false</hidden>
                                          <config>
                                              <required>true</required>
                                              <type>text</type>
                                          </config>
                                      </editWidget>
                                  </editor>
                                  <label></label>
                                  <lockedInUi>false</lockedInUi>
                                  <mode>READ_WRITE</mode>
                                  <multiValued>false</multiValued>
                              </config>
                              <fieldId>fieldTargetId</fieldId>
                          </field>
                      </fields>
                    </assignment>
                    <scope objectKind="ROLE" type="EXPRESSION">
                        <objectTypes>
                            <objectType>role_type_1</objectType>
                        </objectTypes>
                        <searchExpression/>
                    </scope>
                    <search>
                        <actions/>
                        <columns>
                            <column>
                                <attribute>true</attribute>
                                <dataKey>id</dataKey>
                                <dataType>string</dataType>
                                <dateFormat>DAY_MONTH_YEAR_LONG</dateFormat>
                                <ellipsis>false</ellipsis>
                                <hidden>false</hidden>
                                <sortAs>ALPHA</sortAs>
                                <sortDirection>ASC</sortDirection>
                                <sortable>true</sortable>
                                <sorted>false</sorted>
                                <type>general</type>
                            </column>
                            <column>
                                <attribute>true</attribute>
                                <dataKey>rolecode</dataKey>
                                <dataType>string</dataType>
                                <dateFormat>DAY_MONTH_YEAR_LONG</dateFormat>
                                <ellipsis>false</ellipsis>
                                <hidden>false</hidden>
                                <sortAs>ALPHA</sortAs>
                                <sortDirection>ASC</sortDirection>
                                <sortable>true</sortable>
                                <sorted>false</sorted>
                                <type>general</type>
                            </column>
                        </columns>
                        <rowClickActions/>
                        <additionalSearchAttributes/>
                        <displayFrozenOperators>true</displayFrozenOperators>
                        <frozen>NO</frozen>
                        <modes>
                            <mode>MULTICRITERIA</mode>
                        </modes>
                        <objectReferences/>
                        <searchExpression>
                            <search:And>
                                <search:Prop op="IS_NOT_NULL" name="id"/>
                                <search:Prop op="EQUALS" name="owners"/>
                                <search:Prop op="EQUALS" name="rolecode"/>
                            </search:And>
                        </searchExpression>
                    </search>
                </config>
            </widget>
        </widgets>
    </column>
</columns>

Read Next

Right Bindings Widgets — Allows to edit and display Rights bound to Roles.
Role Bindings Widgets — Allows to edit and display Roles bound to Super Roles.
Role Assignment Widget — Allows to assign one ore several Roles to an Identity
Role Assignment Policies Widget — Allows to configure and manage one or several Role Assignment Policies in order to assign Roles to several Identities.
Role Dashboard Widget — Allows to display Role Assignments on an Identity and perform actions on Role Assignments (validity date, values of dimensions, update, revoke).
Role Dimensions Widgets — Allows to edit and display Dimensions on Roles.
Role Request Widget — Allows to manage the Role form on the Workflow user task.
Bulk Role Assignment Widget — Allows to assign one Role to several Identities.
Copy Role Assignment Widget — The Copy Role Assignment Widget allows to copy Role Assignments from one Identity to another.
Role History Widget — Allows to display Role Assignments history for an identity using point in time and search expressions.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close