RapidIdentity Product Guides - 2019 Rolling Release

Create an Entitlement

Entitlements can be created and configured in the Catalog interface. Follow these two steps to create a new entitlement.

  1. Click Add Entitlement.

  2. The entitlement form contains two tabbed interfaces: General and Conflicts & Dependencies. In the top section of the General form, the entitlement name and data classification are both required. In the bottom section of the General form, all fields marked with a red asterisk and all fields with a drop-down box showing Select are required. The Conflicts & Dependencies interface is optional: create conflicts or dependencies by dragging available entitlements to the right, and remove them by dragging entitlements to the left. The Save button becomes enabled once all required fields are complete. Complete the required fields in the General form, add any necessary conflicts or dependencies, and click Save.


The General form fields are described in the following table.

Table 366. Entitlements Fields

| Field | Description |
|---|---|
| Owners | The owner of the entitlement. At least one entitlement owner is required. |
| Data Classification | The Data Classification associated with the Entitlement. |
| Expiration Type | Administrators can choose to have entitlements never expire, expire a selected time from now, or expire on a selected date. Click the desired option and, if selecting days or date, click the listed value to configure. |
| Binding | There are four binding types: (1) SINGLE: one instance per user; (2) MULTI_BOUND: multiple instances per user; (3) MULTI_UNBOUND: multiple instances per user, non-binding; (4) COMPOSITE: one instance per user. Composite entitlements function as a group of SINGLE binding entitlements. |
| Status | Active or inactive. |
| Access Control | Role-based or Attribute-based. Role-based access control allows administrators to incorporate existing roles. Existing roles can be found with dynamic searching. Attribute-based access control allows administrators to write custom LDAP filters. In either case, only users matching the selected roles or LDAP filter will be able to view and request the entitlement. |
| Priority | Orders this resource on the dashboard and requests tab. A priority of -1 gives it no special ordering. 1 is the top priority and is listed first. |
| Disable Certification/Extension | When checked, the entitlement can neither be certified nor extended. |
| May not be requested in UI | When checked, the entitlement will not display to users in the Requests tab when the entitlement is neither granted nor revoked. If the box is checked and the entitlement is in the process of being granted, the entitlement displays in the Requests tab. |
| Categories | Categories allow entitlements to be grouped to facilitate organization and administration. Existing categories can be selected from the drop-down box. If no existing category matches the entitlement currently being created, a new category can be created by clicking Create New... Subsequently, administrators can name and activate the new category while optionally adding a description or configuring access control. |
| Grant Workflow | The Workflow Definition to use when the Entitlement is being granted. |
| Grant Workflow Form | If the Grant Workflow has forms defined, you may pick a form that should be used for the Entitlement grant process. |
| Revoke Workflow | The Workflow Definition to use when the Entitlement is being revoked. If not chosen, it defaults to the Grant Workflow. This option is not available for MULTI_UNBOUND Entitlements since those are not revocable. |
| Revoke Workflow Form | If the Revoke Workflow has forms defined, pick a form that should be used for the Entitlement revoke process. This option is not available for MULTI_UNBOUND Entitlements since those are not revocable. |
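
For the Attribute-based option of the Access Control field, the following added example (not RapidIdentity code) previews which users a custom LDAP filter would admit before it is saved on an entitlement. The sample entries, attribute names and the `eligible` helper are constructed for illustration, and values are assumed to match case-insensitively.

```python
import re

def _parse(f, i):
    # Parse the filter that starts at f[i]; return (node, index just past it).
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    op, i = f[i + 1], i + 1
    if op in "&|!":
        kids, i = [], i + 1
        while f[i] == "(":
            kid, i = _parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' filter")
        return (op, kids), i + 1
    end = f.index(")", i)  # ValueError if the closing ')' is missing
    attr, sep, value = f[i:end].partition("=")
    # Assumption: only equality, presence (=*) and '*' substring items; rest rejected.
    if not sep or not re.fullmatch(r"[A-Za-z][A-Za-z0-9.;-]*", attr) or set(value) & set("(\\"):
        raise ValueError(f"unsupported filter item: {f[i:end]!r}")
    return ("=", attr.lower(), value), end + 1

def compile_filter(text):
    node, end = _parse(text + "\0", 0)  # sentinel keeps truncated input in range
    if end != len(text):
        raise ValueError("trailing characters after filter")
    return node

def matches(node, entry):
    if node[0] in "&|":
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)  # also true when the attribute is absent
    _, attr, value = node
    values = entry.get(attr, [])
    if value == "*":  # presence test: the attribute has at least one value
        return bool(values)
    pattern = ".*".join(re.escape(part) for part in value.split("*"))
    return any(re.fullmatch(pattern, v, re.IGNORECASE) for v in values)

USERS = {  # constructed sample entries (lower-case attribute names), not real data
    "akim": {"objectclass": ["person"], "department": ["Finance"], "employeetype": ["staff"]},
    "bjones": {"objectclass": ["person"], "department": ["Finance"], "employeetype": ["contractor"]},
    "clee": {"objectclass": ["person"], "department": ["IT"], "employeetype": ["staff"]},
    "svc-backup": {"objectclass": ["account"], "department": ["IT"]},
}

def eligible(filter_text, users=USERS):
    node = compile_filter(filter_text)
    return sorted(uid for uid, entry in users.items() if matches(node, entry))
```

A bare negation such as `(!(employeeType=contractor))` also admits entries that lack the attribute entirely (here `svc-backup`), so pair it with a positive clause such as `(objectClass=person)`.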