Role Owner
Each role is assigned to one or more so-called "role owners". The role owner is the person responsible for the respective role, e.g. for the role "Conventional Buyer".
The role owner uses legal and organizational guidelines to decide in which organizational units the role may be assigned. Furthermore, he determines the conditions that role owners must fulfil to be able to use a role (e.g., checking whether a connection between the Identity Management data and RWTH Person Directory data must be available for the role owner). Finally, he decides for which systems the role can be used and which authorizations are granted via the role.
Configuration of the role by the role owner
The role administration provides role owners with a configuration tool for this purpose under the menu item "Configure role". In the navigation on the left, role owners see the item "Configure role". After selecting the role, a table with six configuration items follows. After the desired item has been selected and confirmed via the "Next" button, the corresponding configuration page opens, which are described in sequence below.
Role details
Some of the fields visible here are defined when the role is created and are automatically filled in by the system at this point and cannot be changed (e.g., the ID, displayname, etc.).
The following fields should be filled in by the role owner:
| Keywords | Keywords are displayed to role owners and role administrators in the role administration. They can be used for searching. It is requested to separate multiple keywords by a comma followed by a space. |
| Start Date | This date is used to control the visibility of this role. It should be set to the production start date of the role. From this date on, this role will be publicly displayed in the Available Roles section of the role administration, all role owners will be informed about the creation of new contexts via email, and the role can be unlocked for contexts. |
| Description | A description of what can be done with the role will be added here. This text will be displayed to the role administrators in the role administration and to the role owners in the Selfservice. |
| Contact | This contact will be displayed together with the names of the role owners to all role administrators in the role administration. Role administrators will use this contact to request role activation for their respective context. |
| Role owner | Role owners can independently appoint other persons as role owners and withdraw their own authorization. At least one person must be registered as a role owner. |
Info links
The links configured here are displayed to the role owners in Selfservice under the "Roles" menu item. These links receive extended descriptions of the roles such as documentation of the rights and duties of the role holders.
Target system links
The target system links are also displayed to role owners in Selfservice under the "Roles" menu. These links lead to systems in which work can be done by obtaining the role.
Conditions
The role owner uses the conditions to specify which conditions a person must fulfill when redeeming the role coupon. If the conditions are not met, the person cannot accept the role.
The conditions "has expiration date" ("hat Ablaufdatum") and "PVZ" are checked daily and will result in the loss of the role if not fulfilled. This triggers an info mail to the person concerned and to the role administrators of the corresponding context (i.e. organizational unit).
Contexts
Here you can specify which organization unit is authorized to assign the role. When a new role is created, the role owners must activate the role for the respective contexts in parallel with informing the role administrators of the relevant contexts. In the default configuration, the role cannot be used in any context.
Once the check mark for a context is removed, the role cannot be reassigned there.
Role coupons for configured roles can no longer be assigned to new people once the maximum has been reached. Role owners can no longer have their role revoked (either manually or automatically) once the minimum has been reached.
Automatic activation in new contexts
Here you can specify or select whether a role should be automatically available in new contexts (organization units) of the categories displayed.
If the box in the header row is checked, all organization units are selected. Individual organization units can then be deselected accordingly. Individual contexts can also be selected if the role is only to be assigned in a few organization units.
To the right of each context is a column for specifying the minimum number of role holders for that context.
Manual activation in existing contexts
Here you can select the existing organization units for which the role should be available.
To the right of each context, there are two columns for specifying the minimum and maximum number of role holders for this context.
Revoke roles
The following overview shows all contexts (organization units) in which the selected role can no longer be reassigned. The number of role owners (persons) is displayed. With the delete cross you can withdraw the role from all role holders in the respective context. If you want to make the role available again in the respective context, select the corresponding context configurations in the previous menu.
