The schema object whose instances contain a role request object. This request object is used by the role driver to provision the role.
Table C-6 Request Object Schema Definition
Attribute |
Description |
---|---|
nrfApprovalInfo |
Holds approval data needed by role view and reports. |
nrfApprovalProcessid |
Workflow process instance ID for role assignment approval. |
nrfApprovers |
Role approvers. Order of approvers can be maintained by an integer in the second element. |
nrfCategory |
10-Role To User Add 15 - Role to User Remove |
nrfCorrectionId |
Used to group the role assignments request together. |
nrfDecisionDate |
Indicates date when the request cleanup process evaluation should happen. |
nrfDescription |
Description/Comment of the role request. |
nrfEndDate |
Indicates end date of role assignment. |
nrfImmediate |
Indicates whether the permission has to be assigned immediately. |
nrfMacros |
Macros definitions for approval by relationship. |
nrfOriginator |
Used to determine what component originated role assignment request: user application, role request workflow activity, or policy. |
nrfQuorum |
Used to support quorum approvals in templated PRDs. The quorum condition can be percentage or numbers of approvers required. |
nrfRequestDate |
Date-time role request started. |
nrfRequester |
DN of user or role that requested assignment. |
nrfRequestDef |
Provisioning request definition used for approving the role. |
nrfSODApprovalInfo |
Approval data needed for SOD violation reporting. |
nrfSODApprovalProcessId |
Provisioning request definition used for SOD Approval if SOD conflict arises. |
nrfSODConflicts |
List of SOD conflicts with the permission request. |
nrfSODQuorum |
SOD quorum condition used for resolving SOD conflicts. |
nrfSODRequestDef |
SOD definition that permission request resulted in conflict. |
nrfStartDate |
Start date of the role assignment. |
nrfSourceDN |
DN of user to whom the role is to be added or removed. |
nrfTargetDN |
DN of user who will be granted the resource or from whom the resource will be revoked. |
nrfStatus |
Status of request. Valid codes are described in Request Status Codes (nrfStatus). |
Table C-7 Valid Request (nrfStatus) Status Codes
Status Code |
Key |
Description |
---|---|---|
00 |
New Request |
Set by User Applications on newly created nrfRequest. |
02 |
SOD RETRY |
Driver will reattempt to start the SOD workflow. |
03 |
SOD RETRY PENDING |
Occurs when the driver is not able to start a SOD workflow.A driver task will then reset these requests to SOD_WORKFLOW_START_PENDING, to retry the starting of the workflow. |
05 |
SOD PENDING |
SOD approval pending; set by the driver after successfully initiating the SOD workflow. |
10 |
SOD APPROVED |
SOD approved; set by the SOD workflow when approved. |
12 |
Approval_RETRY |
Driver will reattempt to start the workflow. |
13 |
Pending_Approval_RETRY |
Occurs when the driver is not able to start the approval workflow. |
15 |
Approval Pending |
Set by driver after successful assignment/revocation workflow. |
20 |
Approved |
Set by resource assignment/revocation workflow when approved. |
25 |
Assignment PENDING |
Activation time pending; set by the driver after obtaining all necessary approvals and when the activation time has not been reached. |
30 |
Provision/Deprovision |
Set by driver after all necessary approvals have been approved and role activation time has been reached. |
50 |
Provisioned/Deprovisioned |
Set by driver after role has been provisioned or deprovisioned. |
70 |
Cancel |
Request cancellation |
75 |
Cancelled |
Cancellation request completed. |
80 |
Provisioning Error |
Set by driver when an error occurred during provisioning or deprovisioning. |
90 |
SOD Denied |
SOD denied; set by SOD exception workflow when denied. |
95 |
DeniedSet |
Set by assignment/revocation workflow when approved. |
100 |
CleanupSet |
When nrfResourceRequest workflow should be deleted. |