4.1.2.2 _Application authority popup_

In the application authority request form, when the "Add" button of the authority to be requested is clicked, the following popup screen is displayed:
images/download/attachments/1089209/worddavffdea91484ae6d4e5f4f8866f37112c3.png
<Select authority popup>

On this popup screen, only systems where authorities (resource, role, menu) that can be requested by the user exist are shown in the list.
To add as an authority to be requested, select the checkbox for the system (resource) authority to be requested, select the system use period of the system (start date, end date), and then click the "Add" button.
Each of the items is described below.

Checkbox: Select the checkbox of the system item to be requested, and then click the "Add" button to add as an authority to be requested. For systems for which system (resource) authorities cannot be requested, the checkbox is disabled.
System: Displays the system name
Code: Displays the system code
Role: Brings up the screen for the list of requestable roles of the system. Enabled if roles exist in the system.
Menu: Brings up the screen for the list of requestable menus in the system. Enabled if menus exist in the system.
System group: The system group where the system belongs is displayed.
Description: A description of the system is displayed.

The buttons are explained below.

Add: Adds the selected system (resources) as an authority to be requested
Close: Closes the popup screen
Search: Shows the authorities that can be requested with the selected search conditions

The following is the screen shown when an enabled "role" is selected from the list of requestable systems:
images/download/attachments/1089209/worddav1e66c9d39e6d5c5e902dfbd23b9a5fc9.png
<List of requestable roles of a particular system>

Here, a list of requestable roles in the system is shown.
To add as an authority to be requested, select the checkbox for the role to be requested, select the use period of the role (start date, end date), and then click the "Add" button.
Each of the items is described below.

Checkbox: Select the checkbox of the role item to be requested and click the "Add" button to add as an authority to be requested.
Role: Displays the role name
Code: Displays the code name
Parent name: Displays the parent name of the role. In other words, the full path of the role is displayed.
Description: Displays a description of the role

The buttons are explained below.

List: Brings up the list of requestable systems
Add: Adds the selected role as an authority to be requested
Close: Closes the popup
Search: Shows the roles that can be requested with the selected search conditions

The following is the screen shown when an enabled "menu" is selected from the list of requestable systems:
images/download/attachments/1089209/worddav324ed039e86613684fdfc2bb3066a942.png
<List of requestable menus>

Here, the menu tree of the system is displayed. For requestable menus, the checkbox is enabled; for menus that are not requestable, the checkbox is disabled.
To add as an authority to be requested, select the checkbox for the menu to be requested, select the use period of the menu (start date, end date), and then click the "Add" button.
Each of the items is described below.

: is clicked to view the child menu of the menu. is clicked to close the child menu of the menu.
Checkbox: Select the checkbox of the role item to be requested and click the "Add" button to add as an authority to be requested.
Menu: Displays the menu name
Code: Displays the code name
Menu action: Displays the actions of the menu. In Menu action, the actions that can be handled in the menu can be selected. For actions as well, only requestable actions are enabled.
Description: Displays a description of the menu

The buttons are explained below.

List: Brings up the list of requestable systems
Add: Adds the selected menu as an authority to be requested
Close: Closes the popup
Search: Shows the menus that can be requested with the selected search conditions

When an authority to be requested is added as shown above, authorities are shown in the authority to be requested as shown in the following:
images/download/attachments/1089209/worddav0b74b375e790353bc8135bdf7d9cd013.png
<authority to be requested>
Each of the items is described below.

Checkbox: Select the checkbox and click the "Delete" button to delete the request authority item.
Type: Displays the authority type

: System (resource)
: Role
: Menu

System group: Displays the system group where the authority belongs
System: Displays the system name that has the authority
Name of authority: Displays authority name, such as system (resource) name, role name, and menu name
Code: The authority code is displayed.
Usage period: Displays the usage period of the authority to be requested
Menu action: If the type of the authority to be requested is menu, and a menu action exists, the menu action to be requested is displayed.

After adding all authorities to be requested, click the "Next" button to continue entering the details necessary for the request.

※ Note

If the authorities are not shown on the request authority popup of the profile center, please check the following:

1. Are the requestable resources, roles, and menus set to requestable?

In Resource Management > Resource Management > (specific resource) info > Authority policy, the authority request attribute must be set to "Possible".
In Resource Management > Resource Management > (specific resource) authority tab > Request possibility of the role and menu in each item must be set to "Possible".

2. Has an approver been designated for the approvable resources, roles, and menus?
By default, authorities for which there is no approver cannot be requested.
An approver must be designated for each resource, role, and menu item.
When there are a large number of role/menu items, and the same approver is being registered, select the applicable role and menu items, and then designate the approver in "All approvers". This way, the approver need not be designated for each individual item.

3. Is the registered resource registered as the main group in a particular resource group?
Registered resources are displayed only when they are registered in "All resources" on the resource tree.
Resources must be categorized and registered by registering resource groups.
Whereas a given resource can be registered in multiple resource groups, because the resource attribute info registered in the "Main group" is shown in the profile center, the main group must be designated accurately.

4. Is the type of registered resource properly registered?
In resource attributes, in the "type" attribute, the application resource must be registered as "app".
Among resource attributes, in the "type" attribute, the system account resource must be registered as a "sys.~" value.

5. In the "User authority scope" of the requester's group info, is info on the authority to be requested registered?
The authority info that can be requested by the requester is the authorities registered in the "User authority scope" of the group where the requester belongs (includes all groups including directly affiliated group and rule groups).
In other words, using the authority info registered here, the range of authorities that each user can request can be restricted.
In "User authority scope", "Add my scope" is an authority displayed only when a user requests an authority in person.
In the "User authority scope," "Add delegation scope" is an authority displayed both when a user requests an authority in person and when the request is made by proxy.
In other words, the range of "Add my scope" < "Add delegation scope".

Only when the conditions above are satisfied is authority info displayed on the authority popup.