Role type attributes are configured in the types section of the Role Configuration object. For each type of role in the list, for example business or IT roles, you must specify the following attributes:
Specifies the type’s display name whose value is a message catalog key.
Specifies the authorization type associated with the role type. An authorization type enables fine-grain authorization for who is allowed to view and manage this role type. If you have not yet defined an authType, add one to the AuthorizationTypes configuration object. You must reference that authType within an AdminGroup (capability) as a type within a Permission that grants access to roles of this authType.
All roles have an authorization type. If you load a role without an authorization type, the authorization type defaults to ITRole.
The type of work items that can be created for role assignment approval and role change approval. If you have not yet defined the specified workItem types, add them to the WorkItemTypes configuration object.
The features attribute includes the following features:
changeApproval. If specified, indicates that Owners specified in the Role must approve any changes to a Role of this type. If no Owners are specified, then no approvals occur.
changeNotification. If specified, indicates that any changes to a Role of this type will send email notifications to the owners of the specified Role.
containedTypes. Required feature whose value is the list of Role types that can be contained in this type, where the allowed values are:
Custom role types
assignResources. If specified, indicates that resources and resource groups can be assigned to roles of this type. If not specified, defaults to no Resources can be assigned to Roles of this type.
userAssignment. If specified, indicates whether Roles of this type can be directly assigned to Users. If this Role type can be assigned directly to Users, this feature also specifies whether the Users can be assigned manually and automatically. If not specified, defaults to user assignment not allowed.
Automatic assignment is not supported in this release, but will be in a future release.
manual. If specified (for example true or false), indicates whether you can manually assign Roles of this type to Users.
activateDate. If specified (for example true or false), indicates whether you can specify a future activation (start) date for Roles of this type when assigned to a User. Note that this feature is valid only if userAssignment.manual is true.
deactivateDate. If specified (for example true or false), indicates whether you can specify a future deactivation (end) date for Roles of this type when assigned to a User. Note that this feature is valid only if userAssignment.manual is true.
You can set both activateDate and deactivateDate to true, even if userAssignment.manual is not. If you set both attributes to true for a roleType, and if the role is contained by another role optionally, then you can specify activate and deactivate dates when assigning the optional role to a user.
roleExclusions. If specified, indicates that Roles of this type allow the Role editor to specify a list of Roles that cannot be assigned to a user if this Role is assigned; an exclusion list.