Domains

See also under "Cross Application" (link)

Specific information of domains in authorization organizer module.

The domains play an important role when deriving roles.
The domain is a part of the role naming (indicator), this part of a master role can be replaced by the indicator (key) of the domain and by that create new role.

View role domain relations.

This view can be found under Organize > Views > Role - domain relations

The view will give an overview of all master single role - domain relations and flag those wherefore the derived role already exist.

Creating role domain relations.

See navigation "add related data"

Warning:
The role domain relation is always made between a master single role and a domain relation (decomposition).

Mass change - create role domain relations.

You can create role domain relations based on the restrictions placed in the domain workbook codification.

Method:

  •  based on existing derived roles
    The relations will be suggested based on existing derived roles. The application will check the domain of the derived roles and add it.
  • based on codification workbook
    The relations will be suggested based on the role authorizations and the restrictions in the codification.

Settings:

  • Ignore if relations exist
    The role will not be processed if there are already domains assigned
  • Override the non derivable flag
    If the role is flagged non derivable, the role still be processed (non derivable roles are not processed by default)
  • Do an advanced domain lookup (slow)
    By default the application will add all domains wherefore a restriction exists, without looking if there is a value for. This option will look for values, but is much slower
  • Exclude disabled authorization objects
    Will not do a lookup on the disabled authorizations of the role

 

Results tab.

The results tab gives an overview of all role domain relations (already existing + suggested):

Declarations of different flags:

Suggested by application:
The role domain relation is suggested by the application.

New:
The role domain relation is new and will be created when approving.

Delete:
The role domain relation exist but will be removed when approving.

Derived exists:
The derived role already exists for this role domain relation.

 

 

 

 

This document is up to date with version 11.1.10.20 of CSI Accelerator