Security
Implemented autorization evaluators:
RecertificationRequestByRecertificationActionEvaluator - Permissions to recertification request by action.
RecertificationItemByRecertificationRequestEvaluator - Permissions to items by recertification request.
RecertificationRequestByApproverEvaluator - Permissions to recertification request by approver.
Example of security setting
Person - security
Person can create recertification action and requests - see bulk actions and both agendas. Cannot execute created requests.
Set the role authorization policies as follows:
- Users (IdmIdentity)| Read | BasePermissionEvaluator
- Roles (IdmRole)| Read | BasePermissionEvaluator
- Role recertification - actions (RecRecertificationAction) | Create, Read, View in select box (autocomplete) | BasePermissionEvaluator
- Role recertification - requests (RecRecertificationRequest) | - | RecertificationRequestByRecertificationActionEvaluator
- Role recertification - request items (RecRecertificationItem) | - | RecertificationItemByRecertificationRequestEvaluator
* DELETE permission can be added to action to enable removing created action and requests (e.g. security can remove blocked or old records).
Person - approver
Person can see and approve recertification requests, where is in available approvers. Cannot see and create recertification actions.
Set the role authorization policies as follows:
- Users (IdmIdentity)| Read | BasePermissionEvaluator
- Roles (IdmRole)| Read | BasePermissionEvaluator
- Role recertification - requests (RecRecertificationRequest) | Execute, Read, Update | RecertificationRequestByApproverEvaluator
- Role recertification - request items (RecRecertificationItem) | - | RecertificationItemByRecertificationRequestEvaluator
UPDATE persmission to recertification request (item is secured transitivelly by request).
READ permission. Replace this permissions with your project specific setting (e.g. just subordinates can be shown, only some roles)