...
A new feature has been introduced to enhance the management of roles by adding a form that allows users to update various attributes of a management role. This enhancement will be utilized by all workflows that include the EditManagementRoleOperation activity, ensuring a more consistent and effective management process across the system. The new form supports the following operations: Enable Requestable, Disable Requestable, Edit Description, Edit FriendlyName, Edit Instructions, Edit Custom Attributes, Edit Extension Attributes, Edit Email, and Edit KeyEntryInstructionsName. This update aims to streamline the process and improve functionality by replacing individual operations with a more efficient RBACObjectAttribute and ResourceTypeOperation mapping approach.
A fix has been implemented to address an issue with the RemoveGroupsFromGroupMembershipBulkOperation, where nested groups were causing a Key not present in the dictionary error during fulfillment. The update includes modifications to ensure that member groups are added to the GroupDictionary, resolve the issue, and prevent errors related to missing keys. This fix will ensure smoother operation without impacting current customer setups.
A new feature has been introduced in the workflow MassMaintainenceManagemetRoleWF to allow users to import approvers by adding Approvers in the CSV file column. This enhancement enables the inclusion of approvers' data during the import process. The feature is designed to simplify the management of approvers and ensure they are properly imported with the necessary data. This update provides users with greater flexibility in handling approver information.
A new feature has been added to enhance the flexibility of configuring access request policies. Users can now set access request policy selection as either optional or required across various workflows. This feature was requested to allow different clients to tailor the policy settings according to their specific needs. Modified workflows are ManageAzLocalRightWizard, ManageAzLocalRoleWizard, ManageAzureAppRoleWizard, ManageAzureAppWizard, ManageCredentialWizard, ManageGroupWizard, ManageManagementRoleWizard, ManageComputerWizard.
Resolved Issues
A critical fix has been implemented to address an issue where unpublished resources could be added to the cart in the IT Shop despite being hidden from the user interface. This fix ensures that when users attempt to submit a cart containing unpublished resources, the system properly blocks the action and displays an appropriate error message on the UI.
A fix has been applied to address an issue in the process steps diagram where the fulfillment time was incorrectly displayed to users. With this update, the fulfillment time now accurately reflects the correct value, ensuring that users see the correct fulfillment timefor each step in the process.
An issue was resolved where the wrong Assignee ID was assigned while fetching dynamic field type values. Previously, the ID of the person logged in was used instead of the ID of the person to whom the field type was assigned. This update passes the correct Assignee ID, ensuring that the intended person's dynamic field type values are accurately fetched.
A fix has been implemented for the OnboardManagementRole to address an issue where the Policy Assignment Request (PAR) was not preselected correctly when SelectedApplicationID or SelectedResourceID was provided. This update ensures that the PAR is accurately preselected based on the given IDs, enhancing the system's functionality and ensuring that users receive the correct preselection when these parameters are used.
A fix has been implemented to resolve a sorting issue in the ZscalerAccessPolicyGrid. Previously, the grid was Priority column sorted by the Priority column, grid but it is now correctly sorted by the RuleOrder. The change ensures that the grid reflects the correct order of rules as intended.
Aug
...
19 - Aug 23
IAM SHOP
In the IAMShop application, a new feature has been added to improve the user experience when requesting access to applications. A Select All button has been implemented for multi-select FieldType controls, specifically for the MultiSelectCheckBoxList field type. This enhancement allows users to select all values associated with a FieldType in one action, streamlining the selection process and reducing manual entry time. Additionally, functionality has been added to force users to select at least one value when the EnforceFieldTypeSelection flag is true, and the isFieldTypes flag is also true. This will prevent users from adding to the cart without meeting the selection criteria. The EnforceFieldTypeSelection flag is available in OnboardAzLocalRight WF advanced settings.
A new feature has been introduced to display deputies for App Rights and Role Definitions based on configurable ResourceTypeRoles. The configuration is managed via the ResourceSystemConfigSetting with the name ResAdminDeputiesResourceTypeRolesIds, where you can define the ResourceType and its associated ResourceTypeRoleID for deputies. This update lets you see deputies assigned to App Rights and Role Definitions according to the configured ResourceTypeRoles.
...
The MassMaintenancePersonManagementRoleWF workflow has been enhanced to support additional parameters in CSV uploads for managing role memberships. The new fields include ValidFrom, ValidTo, and Justification. The ValidFrom and ValidTo fields manage time constraints, while the Justification field will be recorded in the audit log for both the management role and the person. Existing fields such as the management role name, person login or GUID, and action type (actions like Add or Delete /and Remove ) were already incorporated.
The OnboardAzLocalRole workflow has been enhanced to include the capability to set the PBAC Approval Right with a dropdown menu on the form. This enhancement provides additional functionality and better visibility options for PBAC Approval Rights.
Multiple UX functionality has been introduced for the ManageApplicationWizard. The "Pbac App" checkbox and its associated controls have been removed from the form. The description field has been updated to a multiline format. Help text has been added for the authorization model and checkboxes. Additionally, the "Cancel" button has been renamed to "Back," and issues with "Back" and "Next" steps have been fixed. The "Edit App Settings" list data item value has been renamed to "Edit Application Settings." Missing labels, including those for managing application settings, rights, roles, and help texts, have been added. Future updates will include protecting specific fields (Display Name, Description, App Authorization Model, Allow Role Definition Assignment, Allow Local Right Assignment, Allow Management Role Assignment, and System Identifier) with View & Edit operations for certain personas and adding a new "Advanced" tab with an editable SystemIdentifier field.
New functionality has been added to the ManageAzLocalRoleWizard workflow:
New Action: Added “Edit Role Definitions Settings” to Multi Actions with a disclaimer indicating that changes affect all selected role definitions.
PBAC Approval Right: Added a dropdown similar to the OnboardAzLocalRight workflow, with changes applied only upon selection.
Visibility Control: Introduced “Multi_PBACApprovalRight_IsVisible” to control field visibility in multi-action cases.
Field Population: Ensured that selected AzLocalRightID was populated in the “AzLocalRole” table’s “ApprovalAzLocalRightID” column.
Single Action: Added “Edit Role Definition Settings” to Single Actions, including a form to edit Name, Friendly Name, Description, Instructions, and PBAC Approval Right dropdown.
New Menu Items: Added new items for both Multi Actions and Single Actions in the ManageAzLocalRoleWizard.
Included changes from Manage IAM shop multi-settings and a bug fix related to the approval flow policy.
Multiple enhancements have been introduced in the ManageAzLocalRightWizard workflow:
Local Right Settings for Multiple Selection: Added the capability to configure local right settings when multiple rights are selected simultaneously.
Edit Owners and Deputies for Multiple Rights: The wizard now includes the option to edit owners and deputies for multiple local rights.
EnforceFieldTypeSelection: Added the
EnforceFieldTypeSelectionfield for both single and multiple selection scenarios.Deprecation of "Assign Responsible Party": Deprecated the "Assign Responsible Party" action for multi-selection, streamlining the process.
These updates enhance the flexibility and functionality of the ManageAzLocalRightWizard, allowing for more efficient management of local rights.
...