Secondary (role-based) assignment entities

PolicyCenter uses secondary assignment in the context of user roles assigned to an entity that does not have a single owner. For example, an entity can have multiple roles associated with it as it moves through PolicyCenter, with each role assigned to a specific person. As each of the roles can be held by only a single user, PolicyCenter represents the relationship by an array of UserRoleAssignment entities. These UserRoleAssignment entities are primarily assignable and implement the Assignable delegate.

Thus, for an entity to be secondarily assignable, it must have an associated array of role assignments, the RoleAssignments array. (This array contains the set of UserRoleAssignment objects.)

In the PolicyCenter base configuration, the following objects all contain a RoleAssignments array:

  • Account
  • Job (and all its subtypes)
  • Policy

For example, an entity—such as Account—does not have a single owner. Instead, an account has a set of User objects associated with it, each of which has a particular Role with respect to the Account. As only a single User can hold each Role, PolicyCenter represents the relationships by a set of UserRoleAssignment entities.

To state this differently, it is possible to assign several different users to the same entity, but with different roles. It is also possible for the same user to have several roles on an entity. (Some common role types are Creator, Underwriter, and Producer.)

Determining the available roles on an Account, Job, or Policy object

PolicyCenter uses the following method to determine the available roles to display in the assignment drop-down as you edit an assignment on an account, job, or policy (the owner parameter):
  • gw.assignment.AssignmentUtil.filterAssignableRoles(owner, role)

The method filters the typekeys defined in the UserRole typelist by the specified role type (the role parameter). It returns true for those typekeys it determines are available in the assignment drop-down. For example, suppose that you start with the existing assignments on an account:

  • Creator – Bruce Baker
  • Producer – Bruce Baker
  • Underwriter – Alice Applegate

If you want to add a new participant (assign a new role), then you need to do the following:

  • Determine the set of roles in the UserRole typelist (Auditor, AuditExaminer, Creator, Producer, and so on).
  • Pass each individual role type and the account (the owner in this case) to the filterAssignableRoles filter method.

As you call the method for the auditor role, the filter method determines that there is no currently existing user with that role on the account and returns true. PolicyCenter then displays the Auditor role in the assignment drop-down in the PolicyCenter interface. However, if you pass the producer role to the filter method, it determines that this role does currently exist on this account and returns false. Thus, PolicyCenter does not display the Producer role in the assignment drop-down in the PolicyCenter interface.

Permitting multiple users to share the same role on an entity

It is not possible—in the base configuration—for different users to share the same role on an entity. PolicyCenter enforces this behavior by setting a UserRoleConstraint category on each role in the UserRole typelist. For example, PolicyCenter associates the following UserRoleConstraint categories with the AuditExaminer role:

  • UserRoleConstraint.accountexclusive
  • UserRoleConstraint.jobexclusive
  • UserRoleConstraint.policyexclusive

These constraints mandate that an account (or job or policy) can have at most one user assigned to the AuditExaminer role. Internally, the filterAssignableRoles method uses these constraints to enforce this behavior. Thus, to permit multiple users to share the same role on an entity, you need to remove that restriction (category) from that role type in the UserRole typelist. For example, to remove the restriction that an account can have only one associated user with the AuditExaminer role, simply remove that category (UserRoleConstraint.accountexclusive) from the AuditExaminer role.

To determine the categories set on a role, select a typecode (a role) from the UserRole typelist and view the Categories pane.

Secondary assignment and round-robin assignment

Secondary assignment uses the assignment owner to retrieve the round-robin state. What this means is that different secondary assignments on the same assignment owner can end up using the same round-robin state, and they can affect each other.

In general, if you use different search criteria for different secondary assignments, you do not encounter this problem as the search criteria is most likely different. However, if you want to want to make absolutely sure that different secondary assignments follow different round-robin states, then you need to extend the search criteria. In this case, add a flag column and set it to a different value for each different kind of secondary assignment. See Round-robin assignment for more information on this type of assignment.