Role Assignment Recipients

Introduction

With the introduction of catalogs, you can define which roles can be received by which Core Identities, and which Core Identities can assign which roles. To fully cover your use case, one thing is still missing: a way to define which Core Identities someone can select as the recipient of a role. There are also use cases in which you want to select a Core Identity that you are normally not allowed to access.

For this use case, version 8 introduced three predefined security rule groups. With them you can control which recipients are available to the logged-in user.

This logic is applied to the possible role recipients in the CoreOne Shop Module and in the CoreOne Admin UI, both when you manage the roles of a Core Identity and when you manage the role assignments directly on the role.

Predefined Security Rule Groups

The following predefined Security Rule Groups are available from version 8.0:

| Rule Group | Description |
| --- | --- |
| Security.RuleGroup.AllowedCoreIdentityRecipient.Read.Own | Allows a Core Identity to assign Roles to himself or order Roles for himself. |
| Security.RuleGroup.AllowedCoreIdentityRecipient.Read.CoWorkers | Allows a Core Identity to assign Roles to his co-workers. Co-workers are all Core Identities that are employed in the same organization unit, or in one below it, where the logged-in user has an active and valid employment. |
| Security.RuleGroup.AllowedCoreIdentityRecipient.Read.AllActive | All active Core Identities can be selected. |
| Security.RuleGroup.AllowedCoreIdentityRecipient.Read.PermissionBased | For advanced use cases. With this rule group assigned, the Core Identity can assign roles to all Core Identities that he has data access permission to. |
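The following Python sketch models how the four rule groups narrow the recipient list, so that an assignment can be reviewed for how far it reaches before it is granted. It is an added example, not CoreOne code: the data model, the sample data and the function names are constructed, and treating several assigned rule groups as additive is an assumption.

```python
from dataclasses import dataclass

PREFIX = "Security.RuleGroup.AllowedCoreIdentityRecipient.Read."

@dataclass(frozen=True)
class Employment:              # constructed model, not a CoreOne type
    identity: str
    org_unit: str
    active: bool = True

# Constructed sample data: org-unit tree (child -> parent) and employments.
PARENT = {"Company": None, "IT": "Company", "IT-Ops": "IT", "HR": "Company"}
EMPLOYMENTS = [
    Employment("alice", "IT"), Employment("bob", "IT-Ops"),
    Employment("carol", "HR"), Employment("dave", "Company"),
    Employment("alice", "Company", active=False),   # expired employment
]
ACTIVE_IDENTITIES = {"alice", "bob", "carol", "dave"}
DATA_ACCESS = {"alice": {"carol"}}   # user -> identities with data access permission

def in_subtree(unit, root):
    """True if unit is root or lies below it in the org-unit tree."""
    while unit is not None:
        if unit == root:
            return True
        unit = PARENT[unit]
    return False

def allowed_recipients(user, rule_groups):
    """Union of recipients granted by each rule group (additivity is assumed)."""
    allowed = set()
    for group in rule_groups:
        kind = group.removeprefix(PREFIX)
        if kind == "Own":
            allowed.add(user)
        elif kind == "CoWorkers":
            # Only the user's active employments open up an org-unit subtree.
            # The page states the active/valid condition for the user only, and
            # read literally "all Core Identities" in the unit includes the user.
            roots = [e.org_unit for e in EMPLOYMENTS
                     if e.identity == user and e.active]
            allowed |= {e.identity for e in EMPLOYMENTS
                        if any(in_subtree(e.org_unit, r) for r in roots)}
        elif kind == "AllActive":
            allowed |= ACTIVE_IDENTITIES
        elif kind == "PermissionBased":
            allowed |= DATA_ACCESS.get(user, set())
        else:
            raise ValueError(f"unknown rule group: {group}")
    return allowed
```

In the sample data, alice's expired employment at the top-level unit does not widen her CoWorkers scope beyond the IT subtree, while dave's active employment there reaches every employed identity.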

© ITSENSE AG. All rights reserved. ITSENSE and CoreOne are registered trademarks of ITSENSE AG.