Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
devel:documentation:security:dev:authorization [2019/05/13 06:40] tomiskar |
devel:documentation:security:dev:authorization [2019/08/15 11:16] tomiskar [Identity] |
||
---|---|---|---|
Line 73: | Line 73: | ||
* '' | * '' | ||
* '' | * '' | ||
+ | * '' | ||
+ | * '' | ||
===== Base authorization evaluators ===== | ===== Base authorization evaluators ===== | ||
Line 306: | Line 308: | ||
* Permission to read role requests in workflow approval: Requests for assigned roles (IdmRoleRequest) | Read, Update, Create, Delete | RoleRequestByWfInvolvedIdentityEvaluator | * Permission to read role requests in workflow approval: Requests for assigned roles (IdmRoleRequest) | Read, Update, Create, Delete | RoleRequestByWfInvolvedIdentityEvaluator | ||
* Permission to read and execute for tasks: Workflow - tasks | Read, Execute | BasePermissionEvaluator (since the version 7.7.0) | * Permission to read and execute for tasks: Workflow - tasks | Read, Execute | BasePermissionEvaluator (since the version 7.7.0) | ||
- | * Permission to read and change indetity profile: Identity profile | Read, Update, Create | SelfProfileEvaluator (since the version 9.2.0) | + | * Permission to read and change indetity profile: Identity profile |
* Enabling the autocomplete for entities: | * Enabling the autocomplete for entities: | ||
* User profile (picture) (IdmProfile) | Displaying in autocomplete, | * User profile (picture) (IdmProfile) | Displaying in autocomplete, | ||
Line 318: | Line 320: | ||
* Identity accounts (AccIdentityAccount) | - | IdentityAccountByAccountEvaluator | * Identity accounts (AccIdentityAccount) | - | IdentityAccountByAccountEvaluator | ||
* Connected systems | Displaying in autocomplete, | * Connected systems | Displaying in autocomplete, | ||
- | * Permission to read automatic role requests in workflow approval: Requests for automatic roles (IdmAutomaticRoleRequest) | Read, Update, Create, Delete | AutomaticRoleRequestByWfInvolvedIdentityEvaluator ( It's good to have autocomplete permission to IdmAutomaticRoleAttribute and IdmRoleTreeNode.). The permission is possible | + | * Permission to read automatic role requests in workflow approval: Requests for automatic roles (IdmAutomaticRoleRequest) | Read, Update, Create, Delete | AutomaticRoleRequestByWfInvolvedIdentityEvaluator ( It's good to have autocomplete permission to IdmAutomaticRoleAttribute and IdmRoleTreeNode.). The permission is possibly |
* Permission to autocomplete form definitions (eav attributes on detail for identities, roles, etc): Forms - definitions (IdmFormDefinition) | Displaying in autocomplete, | * Permission to autocomplete form definitions (eav attributes on detail for identities, roles, etc): Forms - definitions (IdmFormDefinition) | Displaying in autocomplete, | ||
Line 330: | Line 332: | ||
* Permission to read audit: Audit | Read | BasePermissionEvaluator | * Permission to read audit: Audit | Read | BasePermissionEvaluator | ||
* Permission to see sent notifications: | * Permission to see sent notifications: | ||
- | * FIXME add permissions | + | * Permission |
+ | * Permission to see provisioning archive: Provisioning - archive | ||
==== Default settings of permissions for a role detail ==== | ==== Default settings of permissions for a role detail ==== |