Role Owner
Each role is assigned to one or more so-called "role owners". The role owner is the person responsible for the respective role, e.g. for the role "Conventional Buyer".
The role owner uses legal and organizational guidelines to decide in which organizational units the role may be assigned. Furthermore, he determines the conditions that role owners must fulfil in order to be able to use a role (e.g., checking whether a a connection between the Identity Management data and RWTH Person Directory data must be available for the role owner). Finally, he decides for which systems the role can be used and which authorizations are granted via the role.
Configuration of the role by the role owner
The role administration provides role owners with a configuration tool for this purpose under the menu item "Configure role". In the navigation on the left, role owners see the item "Configure role". After selecting the role, a table with five configuration items follows. After the desired item has been selected and confirmed via the "Next" button, the corresponding configuration page opens, which are described in sequence below.
Description and contact
The following fields can be filled in by the role owner:
Keywords | keywords are displayed to role owners and role administrators in the role administration. They can be used for searching. It is requested to separate multiple keywords by a comma followed by a space. |
Start Date | This date is used to control the visibility of this role. The date should be set to the production start date of the role. From this date on, this role will be publicly displayed in the Other Roles section of the role administration, all role owners will be informed about the creation of new contexts via email, and the role can be unlocked for contexts. |
Description | Here a text can be entered to describe what can be done with the role. This text will be displayed to the role administrators in the role administration and to the role owners in the self-service. |
Contact | This contact will be displayed together with the names role owners to all role administrators in the role administration. Role administrators will use this contact to request role activation for their respective context. |
Role owner | Roll owners can independently appoint other persons as roll owners and withdraw their own authorization. At least one person must be registered as a role owner. |
Info links
The links configured here are displayed to the role owners in Selfservice under the "Roles" menu item. These links receive extended descriptions of the roles such as documentation of the rights and duties of the role holders.
Target system links
The target system links are also displayed to role owners in Selfservice under the "Roles" menu. These links lead to systems in which work can be done by obtaining the role.
Note about CheckTicket ! If a link leads to a CheckTicket (discontinued) protected system, its URL cannot be changed |
Conditions
The role owner uses the conditions to specify which conditions a person must fulfill when redeeming the role coupon. If the conditions are not met, the person cannot accept the role. The conditions "has expiration date" and "PVZ" are checked regularly on a daily basis and will result in the loss of the role if not fulfilled. This triggers an info mail to the person concerned and to the role administrators of the corresponding context (i.e. organizational unit).
Contexts
Here you can set which organizational unit may assign the role. In the case of a newly created role, the role owner must activate the role for the affected contexts in parallel with informing the role administrators of these contexts. In the delivery state, the role cannot be used in any context.
If the role owner checks the box in the header line, all organizational units are selected. Then individual organizational units can be deselected again. However, individual contexts can also be ticked if the role is only to be assigned in a few organizational units.
As soon as the role owner unchecks a context, the role cannot be reassigned there.
In the columns on the right, one can configure the minimal und maximal number of role owners for the context. It is not possible to issue a role coupon for other persons if the maximal number of the role owners has been reached. It is not possible to revoke a role (neither automatically nor manually) either if the minimal number has been reached.
Revoke roles
The following overview shows all contexts (organizational units) in which the selected role can no longer be reassigned. The number of role owners (persons) is displayed. With the delete cross you can withdraw the role from all role holders in the respective context. If you want to reassign the role in the respective context, select the "Contexts" item in the previous menu.