The schema object whose instances contain a role request object. This request object is used by the role driver to provision the role.
Table C-6 Request Object Schema Definition
|
Attribute |
Description |
|---|---|
|
nrfApprovalInfo |
Holds approval data needed by role view and reports. |
|
nrfApprovalProcessid |
Workflow process instance ID for role assignment approval. |
|
nrfApprovers |
Role approvers. Order of approvers can be maintained by an integer in the second element. |
|
nrfCategory |
10-Role To User Add 15 - Role to User Remove |
|
nrfCorrectionId |
Used to group the role assignments request together. |
|
nrfDecisionDate |
Indicates date when the request cleanup process evaluation should happen. |
|
nrfDescription |
Description/Comment of the role request. |
|
nrfEndDate |
Indicates end date of role assignment. |
|
nrfImmediate |
Indicates whether the permission has to be assigned immediately. |
|
nrfMacros |
Macros definitions for approval by relationship. |
|
nrfOriginator |
Used to determine what component originated role assignment request: user application, role request workflow activity, or policy. |
|
nrfQuorum |
Used to support quorum approvals in templated PRDs. The quorum condition can be percentage or numbers of approvers required. |
|
nrfRequestDate |
Date-time role request started. |
|
nrfRequester |
DN of user or role that requested assignment. |
|
nrfRequestDef |
Provisioning request definition used for approving the role. |
|
nrfSODApprovalInfo |
Approval data needed for SOD violation reporting. |
|
nrfSODApprovalProcessId |
Provisioning request definition used for SOD Approval if SOD conflict arises. |
|
nrfSODConflicts |
List of SOD conflicts with the permission request. |
|
nrfSODQuorum |
SOD quorum condition used for resolving SOD conflicts. |
|
nrfSODRequestDef |
SOD definition that permission request resulted in conflict. |
|
nrfStartDate |
Start date of the role assignment. |
|
nrfSourceDN |
DN of user to whom the role is to be added or removed. |
|
nrfTargetDN |
DN of user who will be granted the resource or from whom the resource will be revoked. |
|
nrfStatus |
Status of request. Valid codes are described in Request Status Codes (nrfStatus). |
Table C-7 Valid Request (nrfStatus) Status Codes
|
Status Code |
Key |
Description |
|---|---|---|
|
00 |
New Request |
Set by User Applications on newly created nrfRequest. |
|
02 |
SOD RETRY |
Driver will reattempt to start the SOD workflow. |
|
03 |
SOD RETRY PENDING |
Occurs when the driver is not able to start a SOD workflow.A driver task will then reset these requests to SOD_WORKFLOW_START_PENDING, to retry the starting of the workflow. |
|
05 |
SOD PENDING |
SOD approval pending; set by the driver after successfully initiating the SOD workflow. |
|
10 |
SOD APPROVED |
SOD approved; set by the SOD workflow when approved. |
|
12 |
Approval_RETRY |
Driver will reattempt to start the workflow. |
|
13 |
Pending_Approval_RETRY |
Occurs when the driver is not able to start the approval workflow. |
|
15 |
Approval Pending |
Set by driver after successful assignment/revocation workflow. |
|
20 |
Approved |
Set by resource assignment/revocation workflow when approved. |
|
25 |
Assignment PENDING |
Activation time pending; set by the driver after obtaining all necessary approvals and when the activation time has not been reached. |
|
30 |
Provision/Deprovision |
Set by driver after all necessary approvals have been approved and role activation time has been reached. |
|
50 |
Provisioned/Deprovisioned |
Set by driver after role has been provisioned or deprovisioned. |
|
70 |
Cancel |
Request cancellation |
|
75 |
Cancelled |
Cancellation request completed. |
|
80 |
Provisioning Error |
Set by driver when an error occurred during provisioning or deprovisioning. |
|
90 |
SOD Denied |
SOD denied; set by SOD exception workflow when denied. |
|
95 |
DeniedSet |
Set by assignment/revocation workflow when approved. |
|
100 |
CleanupSet |
When nrfResourceRequest workflow should be deleted. |