IGA reporting user-stories

AS a Role manager
I WANT TO see snapshot statistics for objects building role model
SO THAT I can understand the size and complexity of environment.

GIVEN Configured Dashboard (with asynchronous widgets) OR report providing "snapshot statistics"
WHEN the Role manager opens the dashboard or the report,
THEN he can see information that can provide him overview, such as:

This story can probably be implemented by configuration. Counting of assignment mappings in object templates may be more complex.

AS a Role manager or IDM administrator
I WANT TO see update statistics of objects building role model for previous week or month
SO THAT I can understand what happened in the environment and whether things work as usual.

GIVEN Configured Dashboard (with asynchronous widgets) OR report providing "update statistics" from audit data
WHEN the Role manager opens the dashboard or runs the report
THEN he can see such information that can provide him overview of what happened in previous time interval, such as:

The time interval could be defined as last day, last working day, last week…​ Should be done by audit reports.

AS a Role manager or IDM administrator
I WANT TO be able to compare the update statistics for multiple (or series of) weeks or months
SO THAT I can identify and assess trends in data and environment

There are 2 alternative solutions:

1st solution requires analysis and comparison of multiple reports outside midPoint, but should be available already.

AS a Role manager or IDM administrator
I WANT TO see which roles create which objects on which resources. And what types of objects. Both directly or indirectly.
SO THAT I can identify :

GIVEN report with displaying induced roles and assigned metaroles and resources and constructions of objects on these elements WHEN the Role manager defines the level or set of roles, runs the report and imports the report result into analytical tool THEN he can:

MP should be able to provide such report.

AS an IDM administrator
I WANT TO know which objects are modified on which resources by assignment of specific role. (top-down)
SO THAT I can identify what everything will be affected when the role is assigned / unassinged to/from users.

GIVEN role configured in midPoint. Role may contain application roles (and metaroles) on multiple levels.
WHEN IDM administrator opens the role in UI and switch to displaying all direct and indirect inducements.
THEN he can filter the results to resources and see all resources and objects that are created on these resources.

AS a Role manager or an IDM administrator
I WANT TO know which roles are modifying specific object on specific resource. (bottom-up)
SO THAT I can help users to identify what roles are needed for specific operations, OR I can decommision related roles when the object on the resource is being deleted.

GIVEN roles and resources configured in midpoint UI
WHEN he performs specific AXIOM search or chooses an option in UI THEN midpoint can perform one-level or recursive search for all roles that relates to this specific object.

AS a Role manager
I WANT TO see which business roles relate to manual resources (their assignment generates manual operation)
SO THAT I can optimize processing of their assignment.

GIVEN functionality implemented for story Which roles modifies this object on resource (bottom-up)
WHEN Role manager performs the request
THEN he can optimize the processes of their assignments by different operations, e.g.:

AS a Role manager
I WANT TO see which roles provide access to which applications or application components
SO THAT I can identify where the users will obtain access by different application or business roles.

GIVEN report providing information of all induced application or application components
WHEN Role manager specify parameters and run such report and
THEN Role manager can identify set of roles providing access to specific set of applications. Directly in the report or using some analytical tool - if the filter was not defined in the report.

AS a Role manager, an IDM administrator or End user
I WANT TO see where does the specific role provide access to
SO THAT I can identify where the user will obtain access when he is assigned by this role.

GIVEN roles and applications configures in midPoint
WHEN Role manager, IDM administrator or END user opens the specific role
THEN he can see directly in UI to which application(s) and/or application component(s) the role provides access to. (See induces services of specific archetypes)

AS an IDM Administrator or a Role manager
I WANT TO see which roles provide access to this application
SO THAT I can identify where the users will obtain access when he is the role is assigned.

GIVEN report providing information of all induced application or application components
WHEN Role manager specify parameters and run such report and
THEN Role manager can identify set of roles providing access to specific set of applications. Directly in the report or using some analytical tool - if the filter was not defined in the report.

AS a Business user
I WANT TO know where everywhere the specific role provides access
SO THAT I can assess whether this role helps me o get access I need.

TODO: UI - in the role page.

AS a Business user
I WANT TO see the roles that provide access to the application
SO THAT I can choose from the list the role that can provide me the access I need.

GIVEN WHEN THEN TODO

AS a Role manager
I WANT TO know which roles providing access to which applications
SO THAT I can manage the structure of the roles.

GIVEN WHEN THEN TODO

AS a Role manager
I WANT TO know what are the rules for automatic assignment of the roles. By the rules I mean:

GIVEN WHEN THEN TODO

GIVEN WHEN THEN TODO