Position change request

End users can be promoted or demoted during their careers. This information usually comes from the HR system and can be stored in the user object. The fields that can support position change monitoring in OpenIAM are:

  1. Job Code (metadata-based field).
  2. Title.
  3. Employee type (metadata-based field).
  4. Location code.
  5. Location name.

An administrator can configure a field, or the combination of a field and a supervisor change, in the webconsole > System Configuration > Workflow tab. The combination of a field and a supervisor change means that a position change request is initiated only when both the field and the supervisor have changed; this can happen in two separate transactions. For example, if a user's title changes and a week later their supervisor changes as well, the request is initiated at the moment of the supervisor change. If a user had an initial value in the configured field and at some point that value changed (whether the change came from HR or was made directly in the OpenIAM UI does not matter), OpenIAM recognizes it as a position change and triggers the position change workflow. The approval flow is defined in the Review All Access Change Position resource. If no field is selected in System Configuration, a position change request will never be initiated.

Approval flow

Important note: An OpenIAM position change request assumes a review of the user's current access and does not assume confirmation of the position change.

Another setting available in the System Configuration > Workflow tab is Include in Position Change request only role and groups requested from service catalog. When access is requested through the service catalog, it is assigned to the user with a description equal to the request ID. If the checkbox is enabled, the workflow service collects only those entitlements of the user whose description is not empty. This avoids reviewing the user's birthright access as part of the position change.

Position change request

The reviewer of a position change request can approve (keep all of the user's current access listed in the request), reject (revoke all of the user's access listed in the request), or partly approve (items marked as do not approve are revoked, while the other access remains unchanged).
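
The trigger rule, the service catalog filter and the three reviewer outcomes described above can be modelled in a few lines. This is an added illustration, not OpenIAM code or its API: the class, function and field names, the sample entitlements and the `REQ-...` request ID format are all assumptions, as is resetting the tracked state once a request has been raised.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class PositionChangeTracker:
    """Simplified model of the trigger rule (illustration only)."""
    monitored_field: Optional[str]   # e.g. "title"; None = no field selected
    with_supervisor: bool            # True = field AND supervisor must change
    field_changed: bool = False
    supervisor_changed: bool = False

    def on_update(self, old: dict, new: dict) -> bool:
        """Process one transaction; True means a request is initiated now."""
        if self.monitored_field is None:
            return False             # nothing configured: never initiated
        before = old.get(self.monitored_field)
        # Only a change away from an existing initial value counts.
        if before and new.get(self.monitored_field) != before:
            self.field_changed = True
        if old.get("supervisor") != new.get("supervisor"):
            self.supervisor_changed = True
        fire = self.field_changed and (self.supervisor_changed or not self.with_supervisor)
        if fire:                     # assumption: state resets once a request is raised
            self.field_changed = self.supervisor_changed = False
        return fire

def entitlements_for_review(entitlements: list, catalog_only: bool) -> list:
    """With the checkbox on, keep only access whose description (request ID) is set."""
    if not catalog_only:
        return list(entitlements)
    return [e for e in entitlements if e.get("description")]

def to_revoke(reviewed: list, decision: str, do_not_approve=()) -> list:
    """Names revoked for an 'approve', 'reject' or 'partial' decision."""
    if decision == "approve":
        return []
    if decision == "reject":
        return [e["name"] for e in reviewed]
    return [e["name"] for e in reviewed if e["name"] in do_not_approve]

# Constructed sample data: one birthright group, two service catalog requests.
ACCESS = [
    {"name": "All Employees", "description": ""},
    {"name": "Finance Approver", "description": "REQ-1001"},
    {"name": "VPN Users", "description": "REQ-1002"},
]

if __name__ == "__main__":
    t = PositionChangeTracker("title", with_supervisor=True)
    print(t.on_update({"title": "Analyst", "supervisor": "u1"}, {"title": "Manager", "supervisor": "u1"}))
    print(t.on_update({"title": "Manager", "supervisor": "u1"}, {"title": "Manager", "supervisor": "u2"}))
    scope = entitlements_for_review(ACCESS, catalog_only=True)
    print(to_revoke(scope, "partial", do_not_approve={"VPN Users"}))
```

With the checkbox enabled, the birthright group never reaches the reviewer, so a reject decision cannot revoke it.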