Roles

The roles in the workflow allow you to define the candidate(s) for manual actions. For instance:

• who can launch a new Review Campaign (ex: the Security Team)
• who can review an organization (ex: its manager(s))
• who receives the list of remediations once a campaign is completed (ex: the service desk)

Roles can be static (ex: the Security Team) or dynamic (ex: the Manager(s) of the organization DCOM).

Roles are used for:

• Start components: to list people authorized to start the process
• Manual tasks: to list the candidates
• Notifications: to list the identities that will receive an email

Roles correspond to the people that can perform the manual activity, or that should be involved in reminders and/or escalations. They have to be defined before hand in the Process Role section of the workflow configuration tab:

The definition of roles are based on rules. For more information on how to create rules please consult the corresponding documentation.

Adding and modifying a role will open a new window (see below) where all the configuration is done.
The mandatory fields are: Display name, Description and Rules.

If your rule requires an input parameter you have the possibility to pass said parameters to your rule in the parameter section. The product will automatically see if an input parameter is expected by the rule and allow you to select what is the corresponding parameter.

Identities within Role can also be calculated using javascript (via the onComputeRole field present each time a role can be set in the workflow).
You can use javascript to modify the array of identities provided by the role to compute advanced roles.

In the start component, the role is defined in "Role" tab:

In the Manual Task, Roles are defined in the "Role/Reminder" tab:

You can also use roles in the "Escalation" tab (optional):

Roles for notifications are configured via a drop-down list:

See the notification section for more information on this subject.
Workflow email notification.