Role Recertification is the process of reviewing Role Assignments to verify their compliance. This process is implemented in Memority using Role Recertification Policies that can trigger a workflow on a regular basis or when needed.
The details about the widget allowing to view the recertifications of an Object are described in this page.
Configuration
🎯
You can access the Recertification Policy configuration :
by clicking on "Portal" → “Recertification Policies”
by clicking on "System" → "Configurations" → "Recertification Policies" and perform an import/export.
Properties
Property name
Type
Mandatory
Description
Modifiable after creation
id
String
YES
The id is the unique identifier of the Role Recertification Policy
It is case sensitive and no special characters (except - or _) are allowed.
NO
name
String
YES
The Object Recertification Policy name.
The name may be different from the identifier.Must be at least 4 characters long.
YES
active
Boolean
YES
Allow to toggle activation of the policy
YES
identityScope
StaticObjectScope
YES
The Scope of the policy. It will apply to all Role Assignments:
matching roleAssignmentScope
belonging to an identity matching roleAssignmentScope
that are currently in ASSIGNED status
That are modifiable, i.e. neither frozen nor assigned by a STRICT Role Assignment Policy
YES
roleAssignmentScope
SimpleObjectScope
YES
recertificationPeriod
String
NO
A period duration in ISO 8601 format.
If provided, the “On the fly” recertification mode will be activated with this period.
YES
campaignExecutionPlan
ExecutionPlan
NO
If provided, the “Campaign” recertification mode will be activated with the provided schedule (see “Campaign” recertification below)
YES
workflowStrategy
WorkflowStrategy
YES
Provide the workflow to be triggered for the recertification
YES
Policy Scopes (identityScope + roleAssignmentScope) must be distinct. If a Role Assignment matches several policies, the behavior will not be deterministic.