RoleType (Complex Type)

Namespace: http://midpoint.evolveum.com/xml/ns/public/common/common-3

Supertype: AbstractRoleType

A role in the extended Role-Based Access Control (RBAC) sense. Roles specify the privileges that a user (or other object) should have.

A role may "grant" accounts on resources, as well as attributes and entitlements for those accounts. A role can also assign organizational units, other roles, or various IDM objects that can be assigned directly to a user. From this point of view, a role is in fact just a named set of assignments.

Roles form the basic building block of midPoint's extended role-based access control (RBAC) mechanism. A role defines what rights (e.g. accounts) should be given to a user, what they should look like (attributes), and what groups or native roles should be assigned to them (entitlements).

Roles can also specify user authorizations to access specific parts of midPoint. This is used to implement a fine-grained authorization mechanism. Combined with the organizational structure, it forms a delegated administration mechanism.

Roles can also be conditional, i.e. applicable only if a specific condition is true. Roles can be parametric: the expressions inside the role can use parameters that were specified at the time the role was assigned (as opposed to parameters defined when the role was defined).

Item Summary

Name | Kind | Type | Multiplicity | Description
name | property | PolyStringType | [0,1] | Human-readable, mutable name of the object.
description | property | string | [0,1] | Free-form textual description of the object.
fetchResult | property | OperationResultType | [0,1] | Result of the operation that fetched this instance of the object.
extension | container | ExtensionType | [0,1] | Extension container that provides a generic extensibility mechanism.
parentOrgRef | reference | ObjectReferenceType | [0,-1] | Set of the orgs (organizational units, projects, teams) that the object relates to.
trigger | container | TriggerType | [0,-1] | Defines triggers for an object.
metadata | container | MetadataType | [0,1] | Meta-data about object creation, modification, etc.
tenantRef | reference | ObjectReferenceType | [0,1] | Reference to the tenant to which this object belongs.
lifecycleState | property | string | [0,1] | Lifecycle state of the object.
linkRef | reference | ObjectReferenceType | [0,-1] | Set of shadows linked to this focal object.
assignment | container | AssignmentType | [0,-1] | Set of the object's assignments.
activation | container | ActivationType | [0,1] | Type that defines activation properties.
iteration | property | int | [0,1] | Iteration number.
iterationToken | property | string | [0,1] | Iteration token.
roleMembershipRef | reference | ObjectReferenceType | [0,-1] | References to abstract roles (roles, orgs, services) that this focus currently belongs to, directly or indirectly.
delegatedRef | reference | ObjectReferenceType | [0,-1] | References to objects (abstract roles as well as users) obtained via delegation.
roleInfluenceRef | reference | ObjectReferenceType | [0,-1] | References to abstract roles (roles and orgs) that this focus may directly belong to.
jpegPhoto | property | base64Binary | [0,1] | Photo corresponding to the user / org / role.
policySituation | property | anyURI | [0,-1] | The policy situation(s) of this object.
displayName | property | PolyStringType | [0,1] | Human-readable name of the role or org.
identifier | property | string | [0,1] | Identifier of the role or org.
inducement | container | AssignmentType | [0,-1] | Inducements define the privileges and "features" that other objects should have.
authorization | container | AuthorizationType | [0,-1] | Set of role authorizations.
requestable | property | boolean | [0,1] | If set to true then this role may be directly requested by users.
delegable | property | boolean | [0,1] | If set to true then this role may be delegated to a deputy.
exclusion | container | ExclusionPolicyConstraintType | [0,-1] | Specification of excluded roles (part of the Segregation of Duties policy).
riskLevel | property | string | [0,1] | Indication of the level of risk associated with the permissions that this role assigns.
ownerRef | reference | ObjectReferenceType | [0,1] | Owner of this role.
approverRef | reference | ObjectReferenceType | [0,-1] | Approvers for this role.
approverExpression | property | ExpressionType | [0,-1] | Approvers for this role.
approvalSchema | container | ApprovalSchemaType | [0,1] | More complex (multi-level) approval schema.
approvalProcess | property | string | [0,1] | Name of a custom approval process.
automaticallyApproved | property | ExpressionType | [0,1] | Condition specifying when the assignment is automatically approved (e.
condition | property | MappingType | [0,1] | 
policyConstraints | container | PolicyConstraintsType | [0,1] | Set of governance, risk management, compliance (GRC) and similar policy constraints that influence the identity model.
adminGuiConfiguration | property | AdminGuiConfigurationType | [0,1] | Specifies the admin GUI configuration that should be used for the members of this role.
roleType | property | string | [0,1] | Type of a role; usually denotes a "layer" or "purpose" of the role.