- Created by Dev Raj Gautam, last modified on May 14, 2024
Connectors
GCP Connector
In this latest release, GCP Connector has evolved and provides more advanced capabilities, ensuring an unparalleled experience in managing your Google Cloud Platform (GCP) resources.
The GCP Connector currently offers the following features:
Inventory of standard, service, and guest accounts with incremental and full inventory support.
Inventory of groups with incremental and full inventory support.
Inventory of group memberships for all account types with incremental and full inventory support.
Inventory of nested groups under a parent group.
Creating, updating, and deleting users and groups.
Provisioning accounts through EmpowerID Resource Entitlements.
Supporting disabling, enabling, and deleting accounts.
Resetting passwords for GCP accounts.
Handling group membership additions, removals, and ownership changes for all account types.
Assigning group memberships to accounts with management role (RBAC) assignment.
Microservices
Resource Admin
We have updated the Resource Admin microservice to provide better control, flexibility, and efficiency in managing resources. Details of each update are provided below.
Improved Caching Mechanism for Faster Retrieval of Locations Data for Groups/Management Roles
Implemented an enhanced caching mechanism to optimize data retrieval for Locations associated with Groups/Management Roles. This change significantly speeds up fetching this data, enhancing user experience.
Field Type Management for PBAC Application
We have added the ability for Resource Admins to directly add, edit, and delete field types within the application details interface for PBAC-supported applications.
Enhanced PBAC Approver Resolution for AzLocalRole Assignments
This update introduces an enhancement to the PBAC system, extending the rule for resolving approvers from PBAC Right assignments to AzLocalRole assignments. Now, application owners can efficiently manage both types of assignments within their applications without the need to switch to RBAC (Role-Based Access Control). By mapping approval rights to AzLocalRight and AzLocalRole, the system automatically identifies approvers based on specified criteria, such as possessing the approval right for the local right or role specified in the Business Request Item. This streamlined approach ensures that only direct assignees with the necessary qualifications are considered as approvers, simplifying the approval process and enhancing user experience.
Easier Management of App Right With Field Type for PBAC Applications
In this release, we have made some improvements to simplify application rights management for PBAC Applications. We have added a new functionality that allows you to add and assign app rights easily. By clicking the "Assign App Right" button, you will trigger a workflow where you can select the app right you want to grant and to whom, along with the relevant field type values. Additionally, you can use the "Edit" button to update the app rights and the selected field type values. This addition has made it easier for users to access and modify application rights directly.
Easier Management of Role Definition Assignments With Field Type for PBAC Applications
We have introduced a new update that simplifies the process of assigning role definitions within PBAC Applications. A key feature of this update is the "Assign Role Definition" functionality, which makes the assignment process more efficient. Users can assign role definitions and Field Types to specific individuals or groups using the "Assign Role Definition" button, which triggers a wizard workflow that guides the assignment. Users can also adjust role definitions and their associated parameters using the "Edit" button.
More Visibility and Easier Management of the Field Types from App Rights
By simplifying the interface, we have made it easier to manage and view Field Types within app rights. Field Types can now be accessed through a dedicated tab, which increases their visibility and makes them more user-friendly. Users can edit or delete existing field types effortlessly using this tab. Adding a new field type is also made easy through the self-service workflow called "ConfigureApplicationAuthorizationFieldType." To add a new field type, simply click the Add Field Type button, and the workflow will guide you through the process of integrating it seamlessly into your app rights.
Enhanced Visibility of Inventoried Permissions for Shared Folders
All inventoried permissions for shared folders are conveniently displayed within the resource admin UI. Previously, this feature was only accessible through the legacy application. With this update, users can easily access and manage inventoried permissions.
AzLocalRole Time Constraint Enhancements
The Assign AzLocalRole operation now adheres to the time limits that are set by the Access Request Policy. If the start and end dates are not specified (null), the system sets the start date to the current date and the end date to the current date plus the maximum time duration allowed for access (CurrentDatetime + TimeAccessMaximumDuration).
If the start and end dates are specified, the system validates the end date against the maximum allowed duration (AssignAzLocalRightScope.End > CurrentDatetime + TimeAccessMaximumDuration). If the end date exceeds the maximum duration, it is set to CurrentDatetime + TimeAccessMaximumDuration.
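The time-limit rule above, sketched in Python as an added example (not EmpowerID's code). The function and class names are hypothetical; max_duration stands in for TimeAccessMaximumDuration and now for CurrentDatetime. It assumes an over-long end date is capped at CurrentDatetime + TimeAccessMaximumDuration, that a single missing date is defaulted on its own, and that a window left empty after capping is rejected.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample values, for illustration only.
SAMPLE_NOW = datetime(2024, 5, 14, 9, 0)
SAMPLE_MAX = timedelta(days=30)


@dataclass(frozen=True)
class AccessWindow:
    start: datetime
    end: datetime
    clamped: bool  # True when the requested end was cut back to the policy limit


def resolve_window(start: Optional[datetime], end: Optional[datetime],
                   max_duration: timedelta, now: datetime) -> AccessWindow:
    """Apply the Access Request Policy time limit to a requested window."""
    # The limit is measured from the current time, not from the requested
    # start, so a start date far in the future cannot extend the grant.
    latest_end = now + max_duration

    # Null dates: start defaults to now, end to now + maximum duration.
    # Assumption: a single missing date is defaulted independently.
    resolved_start = start if start is not None else now
    resolved_end = end if end is not None else latest_end

    # Specified end date: validate against the limit and cap it if exceeded.
    clamped = resolved_end > latest_end
    if clamped:
        resolved_end = latest_end

    # Assumption: a window that is empty after capping (for example, a start
    # date beyond the policy limit) is rejected rather than silently granted.
    if resolved_end <= resolved_start:
        raise ValueError("access window ends at or before its start")
    return AccessWindow(resolved_start, resolved_end, clamped)


if __name__ == "__main__":
    over_long = resolve_window(SAMPLE_NOW, SAMPLE_NOW + timedelta(days=90),
                               SAMPLE_MAX, SAMPLE_NOW)
    print(over_long)
```

Recording the clamped flag alongside the assignment lets reviewers see which requests asked for more time than the policy allows.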
Security Enhancements
We have made important improvements in this release to ensure the security of your system and data. We've upgraded the SAP integration library to SAP .NET Connector 3.1 (SNO), improving performance and compatibility. The addition of test certificate-based SNC authentication makes user authentication more robust. Additionally, S/MIME signing for outgoing emails enhances email communication security.
SAP Library Upgrade and Certificate-Based Authentication
The SAP integration library has been upgraded from ERPConnect to SAP .NET Connector 3.1 (SNO) for improved performance and compatibility. Security has been bolstered with the addition of test certificate-based SNC authentication.
S/MIME Encryption for Outgoing Emails
In this release, we are introducing S/MIME signing for emails sent from EmpowerID. This feature enhances the existing email encryption functionality by ensuring that emails are digitally signed using S/MIME certificates, adding another layer of security and trustworthiness to communications sent from EmpowerID.
RBAC System Optimization and Performance Enhancements
RBAC Performance Enhancements
We have introduced a series of optimizations and enhancements geared towards improving system stability, performance, and flexibility of the RBAC system in EmpowerID.
Indexed Views Replaced by Compiled Tables: Implemented a significant architectural change where indexed views are replaced by compiled tables, enhancing stability and performance.
Resolved Crashes: We addressed an issue where creating a new ResourceTypeRole or Location delegation would cause system crashes. Users can now create these delegations without encountering any crashes.
ResourceRole Redundancy Removed: We eliminated the need for ResourceRole by optimizing policy compilation. We now utilize the Resource combined with ResourceTypeRole. This optimization ensures flexibility in creating access levels without compromising performance.
RBAC Enhancements: RBAC processes and tables now rely on GUIDs for all compiled processes while retaining INTs for reference in compiled tables. Synchronization methods have been added to maintain consistency in IDs for migrations or regular updates.
Simplified Inheritance Handling: Removed the necessity for the block Inheritance table.
Improved Performance with Assignee Comparison: Enhanced performance by implementing AssigneeHash for assignee comparison, resulting in significant performance improvements.
RBAC Refactor: Conducted a comprehensive refactor of all session tables and methods in the RBAC system. Compilation processes are now prefixed with Rbac_Compile_ and provide constant progress updates.
Dynamic Compilation: Introduced new columns IsCompiledOperation and IsCompiledResourceTypeRole, eliminating the need to create a set of indexed views and methods for compiling operations or ResourceTypeRoles. This feature allows for on-demand compilation, ensuring efficiency and flexibility.
Bulk Update of Business Request Items
We have optimized the BusinessRequest and BusinessRequestItem with a bulk update feature. This update reduces data transmission and improves efficiency by sending only modified columns for the update.