Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
devel:documentation:security:dev:authorization [2019/06/20 07:03] kopro [Default settings of permissions for an identity profile] add IdmProfile |
devel:documentation:security:dev:authorization [2019/08/20 06:00] tomiskar |
||
---|---|---|---|
Line 73: | Line 73: | ||
* '' | * '' | ||
* '' | * '' | ||
+ | * '' | ||
+ | * '' | ||
===== Base authorization evaluators ===== | ===== Base authorization evaluators ===== | ||
Line 318: | Line 320: | ||
* Identity accounts (AccIdentityAccount) | - | IdentityAccountByAccountEvaluator | * Identity accounts (AccIdentityAccount) | - | IdentityAccountByAccountEvaluator | ||
* Connected systems | Displaying in autocomplete, | * Connected systems | Displaying in autocomplete, | ||
- | * Permission to read automatic role requests in workflow approval: Requests for automatic roles (IdmAutomaticRoleRequest) | Read, Update, Create, Delete | AutomaticRoleRequestByWfInvolvedIdentityEvaluator ( It's good to have autocomplete permission to IdmAutomaticRoleAttribute and IdmRoleTreeNode.). The permission is possible | + | * Permission to read automatic role requests in workflow approval: Requests for automatic roles (IdmAutomaticRoleRequest) | Read, Update, Create, Delete | AutomaticRoleRequestByWfInvolvedIdentityEvaluator ( It's good to have autocomplete permission to IdmAutomaticRoleAttribute and IdmRoleTreeNode.). The permission is possibly |
* Permission to autocomplete form definitions (eav attributes on detail for identities, roles, etc): Forms - definitions (IdmFormDefinition) | Displaying in autocomplete, | * Permission to autocomplete form definitions (eav attributes on detail for identities, roles, etc): Forms - definitions (IdmFormDefinition) | Displaying in autocomplete, | ||
If you want to enable the managers of the users to read their subordinates and change their permissions, | If you want to enable the managers of the users to read their subordinates and change their permissions, | ||
* Users (IdmIdentity) | Manage authorizations, | * Users (IdmIdentity) | Manage authorizations, | ||
+ | |||
+ | <note tip>From version 9.7.3 isn't feature manually disabled and manually enabled for user allowed by permission Identity '' | ||
==== Settings of permissions for the Helpdesk role ==== | ==== Settings of permissions for the Helpdesk role ==== |