MidPoint 3.5 and later
Full role catalog functionality is available since midPoint 3.5. MidPoint versions prior to 3.5 have limited role catalog functionality.
One of the drawbacks of general RBAC models is that there is usually a large number of roles to choose from. MidPoint's advanced hybrid RBAC model can keep the number of roles at a reasonable level. But even in that case there are usually hundreds or even thousands of roles if the organization is considerably complex. We need to keep this number of roles manageable for both end users and administrators. Therefore midPoint implements the concept of a role catalog to organize the roles into categories.
The role catalog has two purposes and therefore it is also presented in two slightly different ways.
Role Catalog for End Users
The first purpose of the role catalog is to make role requests easy for end users. The role catalog is used to present the roles in a similar way as an e-shop presents its products. The roles are sorted into categories and sub-categories. The user may browse the role catalog and select the roles. Then the user can put the roles in a "shopping cart" and "buy" them. This catalog and e-shop paradigm is quite natural for most end users and it requires little to no training.
Role Catalog for Administrators
The second purpose of the role catalog is to make role administration and management easy. The role catalog is essentially just an organizational structure (see below). Therefore it can be used to set up fine-grained authorizations and delegated administration of the roles. For example, the application roles may be sorted into categories that represent applications and application modules. In that case the management of the application roles can be delegated to application or module owners.
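The delegation scoping described above, as an added example: a simplified Python model of a catalog tree in which a category owner may administer only the roles in that category and its sub-categories. It is not midPoint code or midPoint configuration syntax, and all category names, role names and owners are constructed sample data.

```python
# Illustrative model only: not midPoint code or its authorization syntax.
# Category names, role names and owners below are constructed sample data.

# Catalog categories form a tree: category -> parent category (None = root).
CATEGORY_PARENT = {
    "Applications": None,
    "CRM": "Applications",
    "CRM/Billing": "CRM",
    "ERP": "Applications",
}

# Each role is placed in one catalog category.
ROLE_CATEGORY = {
    "crm-user": "CRM",
    "crm-billing-approver": "CRM/Billing",
    "erp-accountant": "ERP",
}

# Delegated administrators: user -> categories they own.
CATEGORY_OWNERS = {
    "alice": {"CRM"},          # application owner
    "bob": {"CRM/Billing"},    # module owner
}


def ancestors_and_self(category):
    """Yield the category and every ancestor up to the catalog root."""
    seen = set()
    while category is not None and category not in seen:
        seen.add(category)  # guards against a misconfigured cycle
        yield category
        category = CATEGORY_PARENT.get(category)


def can_manage(user, role):
    """True if the user owns the role's category or any category above it."""
    category = ROLE_CATEGORY.get(role)
    if category is None:
        return False  # roles outside the catalog are not delegated (deny by default)
    owned = CATEGORY_OWNERS.get(user, set())
    return any(c in owned for c in ancestors_and_self(category))


def manageable_roles(user):
    """Sorted list of roles the user may administer through delegation."""
    return sorted(r for r in ROLE_CATEGORY if can_manage(user, r))
```

In this model the application owner reaches the module's roles through the tree, while the module owner cannot reach upward or sideways into other categories.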
Role Catalog Implementation and Configuration
See the Role Catalog Configuration page for a description of role catalog implementation and configuration details.