Role Dashboard Widget

Definition

The Role Dashboard Widget allows to:

display all Role Assignments on an Identity
display all informations on each Role Assignments
perform actions on Role Assignments

The following image shows an example of the implementation of the dashboard role widget in an identity's role management functionality.

It is possible to switch to an alternative display where Role Assignments are grouped by Applications using the applicationGrouping configuration.

In order to use this display mode correctly, the resource type(s) associated to the role assignments must have the following attributes:

rsrcName for the application name
rsrcImage or rsrcIcon for the image/icon of the application

Tips

This Widget works as a search Widget.

To access the Role Dashboard Widget, you must configure the Widget on a Feature with an object kind sets to IDENTITY.

To optimize the widget use, the bests ways are to configure it in a dedicated Feature of type UI_FOR_OBJECT or in Widget To Open (avoid search Feature).

Use

Description	Specificities	Comments
Search form: search form allows to customize how the user will be able to search for existing Roles. Only searchable Attributes can be configured in this part.	-	By default, all Roles are displayed (if the SIMPLE search mode is configured first). It is possible to configure a scope to restrict the display of Roles.
Result table: A search result table to customize how the values will be displayed.	Columns By default, no configuration is required to display the results columns (role, resource, details, status, enabled from, enabled until, source, comment. By clicking on the "Columns" button, you can display others columns (built-in): assigned at, created at, deleted at. It is possible to overload the configuration by defining which columns can be displayed on the Role Dashboard (see the configuration of columns on the Search Widget).
	Resource
	Details Displays details of dimensions.	Only if the property "detail" is set to ON on the dimension. For choices rules, if the displayed value is a technical value, it is possible to defined the label by using a i18n key.
	Enabled From/Enabled Until Indicates the validity dates of the Role Assignment.	-
	Status Indicates the Role Assignment status. An assignment has a lifecycle, which is controlled by a status property.	Assigned: indicate that the Role Assignment is applied and the corresponding roles/rights are granted. Pending: indicate that the Role Assignment has been requested and is in the process of being approved, the corresponding rights or roles are not granted). Delayed: indicate that the Role Assignment has been requested but is not yet valid (enabledFrom is in the future). Inactive: indicate that the related role has been retired.Deleted: indicate that this Assignment is deleted and the corresponding roles/rights are removed.
	Source Indicates the source of the Role Assignment.	Manual: the Role has been assigned manually Policy: the Role has been assigned by a Policy Implied: the Role has been assigned through a Super Role
	Comment Displays the comment of the Role Assignment if any.
	Icon A warning icon is displayed on a line of Role Assignment if a Workflow is pending.	A pop-up information will be visible when the mouse hovers over the icon.

Action button

An "Action" button is displayed on each line of Roles.
This button displays informations on Role Assignment and allows to perform modifications as following:

Parts	Description	Comments
Header	Displays: name of the Role status of the Role status of the manual provisioning	Manual provisioning status (only if the Role is concerned by the manual provisioning): Done: the provisioning of the role assignment is done (the workflow is validated) Pending: the provisioning of the role assignment is pending (the workflow is not validated) Failed: the provisioning of the role assignment is failed (the role does not match with the manual provisioning policy or the policy is not activated)
Properties	Indicates the validity dates, comment and dimensions.	Validity dates Validity dates can be updated according to the status, source, mode and configuration of the Role Publication (publicationForUpdate attribute). Comment Comment can be updated according to the status, source, mode and configuration of the Role Publication (publicationForUpdate attribute). Dimensions The dimensions are displayed only if: the dimension is tagged The dimensions can be updated only if: the dimension is tagged this tag is configured in the Role Request Policy on the update part (readWriteDimensionTags) Each dimension can be translated with these I18N keys: ui.model.dimensions.<dimensionId>.name (in this case, all dimensions with the same id will be translated on all roles using it). ui.model.roles.<roleId>.dimensions.<dimensionId>.name (in this case, only the dimension on a specific role will be translated).
Details	Displays information on the Role Assignment like: created at assigned at deleted at requester and approvers (if the Role Assignment has not been given by policy). copied from (if the Role Assignment is given from another Role)
Update button	This button is displayed only if the built-in Attribute "publicationForUpdate" on the Role Publication is set to ON.
Revoke button	This button is displayed only if the built-in Attribute "publicationForDelete" on the Role Publication is set to ON.

Update a Role Assignment

The validity date and the comment of a Role Assignment can be updated according to:

the status
the source
the mode
the configuration of the Role Publication (publicationForUpdate attribute)
the configuration of the Role Request Policy for dimensions (readWriteDimensionTags).

Source	Mode	Status
Manual	N/A	Assigned
		Inactive
		Pending
		Deleted
		Delayed
Implied	N/A	Assigned
Policy	STRICT	Whatever the status
	INIT	Assigned
		Inactive
		Pending
		Deleted
	EDIT	Assigned
		Inactive
		Pending
		Deleted

Revoke a Role Assignment

A Role Assignment can be deleted according to:

the status
the source
the mode
the configuration of Role Request Policy (publicationForDelete attribute)

Source	Mode	Status
Manual	N/A	Assigned
		Inactive
		Pending
		Deleted
		Delayed
Implied	N/A	Assigned
Policy	STRICT	Whatever the status
	EDIT	Whatever the status
	INIT	Assigned
		Inactive
		Pending
		Deleted

Configuration

Properties

Property name	Type	Mandatory	Description	Values (default value in bold)
bordered	`Boolean`	NO	Allows you to display a border around the Widget.	true, false
title	`Boolean`	NO	Allows you to define a title and a subtitle. Title and subtitle are defined in the following i18n keys: tenant.features.role-dashboard.title.label tenant.features.role-dashboard.subtitle.label	true, false
scope	Dynamic Simple Scope	NO	Allows you to restrict the Role Assignments to be displayed	-
updateFields	`List<FieldEditorWidget>`	NO	Allows you to configure field editors to be displayed on an update operation (see Field Editors). These fields will be accessible when evaluating Role Request Policies and in workflows	-
revokeFields	`List<FieldEditorWidget>`	NO	Allows you to configure field editors to be displayed on a revoke operation (see Field Editors) These fields will be accessible when evaluating Role Request Policies and in workflows	-
displayProvisioningDetails	`Boolean`	NO	Allows you to display information about the provisioned account (only if provisioning on a target is configured for this Role)	true, false
search	-	YES	Same configuration as a SearchWidget. <rowClickActions> and <allowExport> tags are not applicable for this Widget.	-
applicationGrouping	`Object`	NO	Allows to switch the display from the Role Assignment direct search to a search where Role Assignments are grouped by “Application”. The “Application” is the RESOURCE referenced by the Role of the Role Assignment in its unique attribute binding marked as “RESOURCE”. The grouping is enabled by turning the enabled flag to true. Button actions for the grouped application rows should be added using the actions property of this element.	CODE `<applicationGrouping> <enabled>false</enabled> <actions> <action id="a-button" xsi:type="ctdbum:ButtonWidgetType"> ... </action> </actions> </applicationGrouping>`
workflowHistoryDisplay	`Object`	NO	Control the display of pending workflows on the role assignment	CODE `<workflowHistoryDisplay> <displayAssignmentHistory>false</displayAssignmentHistory> <displayManualProvisioningHistory>false</displayManualProvisioningHistory> <displayRecertificationHistory>false</displayRecertificationHistory> </workflowHistoryDisplay>`
enabledUntilWarningGracePeriod	`Period`	NO	Set the period after which an hourglass icon will appear as the end date approaches.	7 days

updateFields & revokeFields Properties

Properties name

Type

Mandatory

Description

Values (default value in bold)

fields

List<FieldEditorWidget>

NO

Allows you to configure field editors to be displayed (see Field Editors)

These fields will be accessible when evaluating Role Request Policies and in workflows

-

Example

Code

Code with surcharge

XML

<columns>
    <column>
        <widgets>
            <widget id="roleDashboard" xsi:type="ctdbum:RoleDashboardWidgetType">
                <hidden>false</hidden>
                <config>
                    <bordered>false</bordered>
                    <title>true</title>
                    <search>
                        <allowExport>false</allowExport>
                        <columns/>
                        <additionalSearchAttributes/>
                        <displayFrozenOperators>true</displayFrozenOperators>
                        <frozen>NO</frozen>
                        <modes>
                            <mode>SIMPLE</mode>
                        </modes>
                        <objectReferences/>
                    </search>
                    <updateFields>
                        <field id="fieldTargetId">
                            <hidden>false</hidden>
                            <config>
                                <editor>
                                    <editWidget xsi:type="ctdbum:TextInputEditWidgetType">
                                        <hidden>false</hidden>
                                        <config>
                                            <required>true</required>
                                            <type>text</type>
                                        </config>
                                    </editWidget>
                                </editor>
                                <label></label>
                                <lockedInUi>false</lockedInUi>
                                <mode>READ_WRITE</mode>
                                <multiValued>false</multiValued>
                            </config>
                            <fieldId>fieldTargetId</fieldId>
                        </field>
                    </updateFields>
                </config>
            </widget>
        </widgets>
    </column>
</columns>

XML

<columns>
    <column>
        <widgets>
            <widget id="roleDashboard" xsi:type="ctdbum:RoleDashboardWidgetType">
                <hidden>false</hidden>
                <config>
                    <bordered>false</bordered>
                    <title>true</title>
                    <search>
                        <allowExport>false</allowExport>
                        <columns>
			   	        	<column>
            					<attribute>true</attribute>
            					<dataKey>createdAt</dataKey>
            					<dataType>string</dataType>
           			 			<dateFormat>DAY_MONTH_YEAR_LONG</dateFormat>
            					<ellipsis>false</ellipsis>
    					        <hidden>true</hidden>
     					        <sortAs>ALPHA</sortAs>
     					        <sortDirection>DESC</sortDirection>
            					<sortable>false</sortable>
            					<sorted>false</sorted>
            					<type>general</type>
         					</column>
         					<column>
            					<attribute>true</attribute>
            					<dataKey>assignedAt</dataKey>
            					<dataType>string</dataType>
            					<dateFormat>DAY_MONTH_YEAR_LONG</dateFormat>
            					<ellipsis>true</ellipsis>
            					<hidden>false</hidden>
            					<sortAs>ALPHA</sortAs>
            					<sortDirection>ASC</sortDirection>
            					<sortable>true</sortable>
            					<sorted>true</sorted>
            					<type>general</type>
         					</column>
         					<column>
            					<attribute>true</attribute>
            					<dataKey>role</dataKey>
            					<dataType>string</dataType>
            					<dateFormat>DAY_MONTH_YEAR_LONG</dateFormat>
            					<ellipsis>false</ellipsis>
            					<hidden>false</hidden>
            					<sortAs>ALPHA</sortAs>
            					<sortDirection>ASC</sortDirection>
            					<sortable>true</sortable>
            					<sorted>false</sorted>
            					<type>general</type>
         					</column>
						</columns>
                        <additionalSearchAttributes/>
                        <displayFrozenOperators>true</displayFrozenOperators>
                        <frozen>NO</frozen>
                        <modes>
                            <mode>SIMPLE</mode>
                        </modes>
                        <objectReferences/>
                    </search>
                    <updateFields>
                        <field id="fieldTargetId">
                            <hidden>false</hidden>
                            <config>
                                <editor>
                                    <editWidget xsi:type="ctdbum:TextInputEditWidgetType">
                                        <hidden>false</hidden>
                                        <config>
                                            <required>true</required>
                                            <type>text</type>
                                        </config>
                                    </editWidget>
                                </editor>
                                <label></label>
                                <lockedInUi>false</lockedInUi>
                                <mode>READ_WRITE</mode>
                                <multiValued>false</multiValued>
                            </config>
                            <fieldId>fieldTargetId</fieldId>
                        </field>
                    </updateFields>
                </config>
            </widget>
        </widgets>
    </column>
</columns>