Please note that these release notes are for a future release and are currently in progress. The information contained within may change before the final release. As such, the final release notes will be prepared closer to the official launch date.
Aug 16 - Aug 23
IAM SHOP
In the IAMShop application, a new feature has been added to improve the user experience when requesting access to applications. A Select All button has been implemented for multi-select FieldType controls, specifically for the MultiSelectCheckBoxList field type. This enhancement allows users to select all values associated with a FieldType in one action, streamlining the selection process and reducing manual entry time. Additionally, functionality has been added to force users to select at least one value when the EnforceFieldTypeSelection flag is true, and the isFieldTypes flag is also true. This will prevent users from adding to the cart without meeting the selection criteria. The EnforceFieldTypeSelection flag is available in OnboardAzLocalRight WF advanced settings.
A new feature has been introduced to display deputies for App Rights and Role Definitions based on configurable ResourceTypeRoles. The configuration is managed via the ResourceSystemConfigSetting with the name ResAdminDeputiesResourceTypeRolesIds, where you can define the ResourceType and its associated ResourceTypeRoleID for deputies. This update lets you see deputies assigned to App Rights and Role Definitions according to the configured ResourceTypeRoles.
Workflows
The MassMaintenancePersonManagementRoleWF workflow has been enhanced to support additional parameters in CSV uploads for managing role memberships. The new fields include ValidFrom, ValidTo, and Justification. The ValidFrom and ValidTo fields manage time constraints, while the Justification field will be recorded in the audit log for both the management role and the person. Existing fields such as the management role name, person login or GUID, and action type (Add or Delete/Remove) were already incorporated.
The OnboardAzLocalRole workflow has been enhanced to include the capability to set the PBAC Approval Right with a dropdown menu on the form. This enhancement provides additional functionality and better visibility options for PBAC Approval Rights.
Multiple UX functionality has been introduced for the ManageApplicationWizard. The "Pbac App" checkbox and its associated controls have been removed from the form. The description field has been updated to a multiline format. Help text has been added for the authorization model and checkboxes. Additionally, the "Cancel" button has been renamed to "Back," and issues with "Back" and "Next" steps have been fixed. The "Edit App Settings" list data item value has been renamed to "Edit Application Settings." Missing labels, including those for managing application settings, rights, roles, and help texts, have been added. Future updates will include protecting specific fields (Display Name, Description, App Authorization Model, Allow Role Definition Assignment, Allow Local Right Assignment, Allow Management Role Assignment, and System Identifier) with View & Edit operations for certain personas and adding a new "Advanced" tab with an editable SystemIdentifier field.
New functionality has been added to the ManageAzLocalRoleWizard workflow:
New Action: Added “Edit Role Definitions Settings” to Multi Actions with a disclaimer indicating that changes affect all selected role definitions.
PBAC Approval Right: Added a dropdown similar to the OnboardAzLocalRight workflow, with changes applied only upon selection.
Visibility Control: Introduced “Multi_PBACApprovalRight_IsVisible” to control field visibility in multi-action cases.
Field Population: Ensured that selected AzLocalRightID was populated in the “AzLocalRole” table’s “ApprovalAzLocalRightID” column.
Single Action: Added “Edit Role Definition Settings” to Single Actions, including a form to edit Name, Friendly Name, Description, Instructions, and PBAC Approval Right dropdown.
New Menu Items: Added new items for both Multi Actions and Single Actions in the ManageAzLocalRoleWizard.
Included changes from Manage IAM shop multi-settings and a bug fix related to the approval flow policy.
Multiple enhancements have been introduced in the ManageAzLocalRightWizard workflow:
Local Right Settings for Multiple Selection: Added the capability to configure local right settings when multiple rights are selected simultaneously.
Edit Owners and Deputies for Multiple Rights: The wizard now includes the option to edit owners and deputies for multiple local rights.
EnforceFieldTypeSelection: Added the
EnforceFieldTypeSelectionfield for both single and multiple selection scenarios.Deprecation of "Assign Responsible Party": Deprecated the "Assign Responsible Party" action for multi-selection, streamlining the process.
These updates enhance the flexibility and functionality of the ManageAzLocalRightWizard, allowing for more efficient management of local rights.
Resolved Issues
A fix has been implemented to correct the handling of management role grant access in the business request process. The issue was that the OnboardManagementRole workflow incorrectly added the management role as a member instead of under the "Grant Access" section. To resolve this, the CreateBRManagementRoleOnboarding activity and onboardManagementRoleApproval workflow have been updated to ensure the role is added correctly under "Grant Access." This fix addresses the problem and ensures that any customer using this workflow with the approval process can process requests without errors.
A fix has been implemented to address an issue where the IsInherited flag was missing from the API response. This prevented the UI from performing certain operations, such as disabling and unassigning options in the right list box.
A fix has been applied to correct the display of start and end dates in the Role Definitions listings screen. Previously, the dates were not being displayed accurately, which caused confusion in the listings. This fix resolves the issue, ensuring that start and end dates are represented correctly.
Updated the email-sending functionality to exclude recipients who do not have a locale set when sending emails to multiple people.The previous implementation attempted to send emails to all recipients, regardless of whether they had a locale set, which could cause issues. This fix ensures that only recipients with a set locale receive the email.
Fixes in ManageApplicationWizard Workflow
Multiple issues have been addressed in the ManageApplicationWizard workflow to enhance the user experience:
Cancel/Back Button Missing: The absence of the "Cancel" and "Back" buttons on the "Select Application" page has been resolved, allowing users to abort the workflow if needed.
Executive Summary Page: After editing any settings within the "Edit Application Settings" option, the workflow now correctly displays an Executive Summary page instead of just a confirmation message. The user will no longer be redirected directly to the "Select Workflow" page.
Multiple Application Selection Issues: Several issues related to selecting multiple applications have been fixed:
Only the last selected application was previously shown in the "You selected this Application to manage" section. Now, all selected applications are correctly displayed.
The count of selected applications was incorrectly displayed as 0. This issue has been corrected.
Locale-related issues with the displayed application count have been fixed.
These fixes ensure a smoother and more intuitive workflow experience for users.
A critical issue affecting the assignment of rights to management roles in the UI has been resolved. Previously, users could only assign app rights to management roles for the first seven app rights in the native UI. When attempting to assign rights from the 8th app right onwards, the respective app rights would not appear in the "Assign Rights to Management Role" modal. This was due to pagination, which filtered only the first seven fetched elements. The fix ensures that all app rights, regardless of their position in the list, are now available for management role assignments in the native UI. This fix restores full functionality to the role assignment process, allowing users to manage app rights effectively without any limitations.