BP03C - End-User Role Request

BP03C - End-User Role Request

To help understand the content of this document, readers should familiarize themselves with the key definitions and actors.

Overview

This Business Process (BP) covers the procedure for requesting roles by End-Users of Simpl-Open. This BP applies in the following situations:

• When a federated user logs in for the first time without any assigned roles, the only permitted action will be to request one or more roles
• When a local user identifies the need to request additional roles

If a user is created with pre-assigned roles, or if federation is configured to automatically map organisational roles to Simpl roles, the user will be fully operational without the need to request a role through this BP.

It includes the following main steps:

• Request role: End-User creates and submits the role request to the Participant's Tier 1 User and Roles Manager
• Review role request: Participant's Tier 1 User and Roles Manager reviews the submitted role request

Actors

The actor involved in this business process is referred to as the Participant, and can correspond to an End-User or Representative of the:

• Consumer
• Provider
• Governance Authority

Assumptions

The following assumptions are made:

• The Participant has installed the Simpl-Open agent, and default users and roles are available for usage.

Prerequisites

The following prerequisites must be fulfilled:

• Governance Authority Agent configured and ready for operations: The Governance Authority has defined the onboarding procedure and identity attributes relevant for the data space (Business Process 2).
• Participant's User and Roles configured: The Participant's Agent has been configured, Participant's Agent User and Roles module is configured, and Tier 1 users can start logging in to perform operations within the Agent (Business Process 3B)

Details

The following shows the detailed business process diagram and gives the step descriptions.

Trigger onboarding of a new data space Participant End-User

The Participant's End-User logs into Simpl-Open and initiates the preparation and submission of the individual onboarding request.

BP03C.01 Request Role

The Participant's End-User prepares the role request by filling out the form, providing all the requested information specifying the roles they are requesting. The request is then submitted for review.

BP03C.02 Review Role Request

The Participant's Tier 1 User Roles Manager reviews the submitted role request. During the review, the Participant's Tier 1 User Roles Manager checks whether the requested role matches the user’s declared responsibilities and validates that the role request does not exceed the appropriate access scope, in accordance with the principle of least privilege. As an outcome of this step, the Participant's User Role Manager can either approve or reject the role request depending on the scenarios:

• Approve the role request by assigning the role (or a different role than the one requested if the user selected a role that is not applicable) to the end user.
• Reject the role request (e.g. rejection can happen when user is not allowed to use Simpl-Open or the user requests a role that is not applicable)

BP03C.03 Notify Role Request Rejected

The end user is notified that their role request has been rejected.

BP03C.04 Notify Role Request Accepted

The end user is notified that their role request has been approved and is informed of the assigned role.

Outcome

• End-User requested roles assigned: the End User's requested roles have been assigned due to role request acceptance
• End-User requested roles not assigned: the End User's requested roles have not been assigned due to the role request rejection

High Level Requirements

• 3C.1 - Access Control - End-User Role Request
  Simpl shall allow end users, both local and federated, to submit role ...
  See more details

Back to Simpl requirements overview