Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
devel:documentation:security:dev:authorization [2019/08/15 14:48] kopro [Default settings of permissions for an identity profile] |
devel:documentation:security:dev:authorization [2019/08/22 06:52] tomiskar [Authorization policies] |
||
---|---|---|---|
Line 20: | Line 20: | ||
**Real life example**: | **Real life example**: | ||
- | Let there be an agenda of roles. **To be able to select from the roles dial** (e.g. when requesting roles) **we need to be assigned a permission for an agenda of autocomplete for roles** '' | + | Let there be an agenda of identities. **To be able to select from the identity |
</ | </ | ||
Line 75: | Line 75: | ||
* '' | * '' | ||
* '' | * '' | ||
+ | |||
+ | ==== Role==== | ||
+ | |||
+ | * '' | ||
===== Base authorization evaluators ===== | ===== Base authorization evaluators ===== | ||
Line 295: | Line 299: | ||
==== Default settings of permissions for an identity profile ==== | ==== Default settings of permissions for an identity profile ==== | ||
- | |||
- | <note tip>From version 9.7.3 is'n feature manually disabled and manually enabled for user allowed by permission Identity UPDATE. But exits own permissions for each operation (MANUALLYDISABLE and MANUALLYENABLE)</ | ||
This is a typical setting for the **userRole** - regular user as defined in the [[..: | This is a typical setting for the **userRole** - regular user as defined in the [[..: | ||
Line 303: | Line 305: | ||
* Permission to read one's own identity: Users (IdmIdentity) | Displaying in autocomplete, | * Permission to read one's own identity: Users (IdmIdentity) | Displaying in autocomplete, | ||
* Permission to read the assigned identity roles: Roles assigned to users (IdmIdentityRole)| - | IdentityRoleByIdentityEvaluator | * Permission to read the assigned identity roles: Roles assigned to users (IdmIdentityRole)| - | IdentityRoleByIdentityEvaluator | ||
+ | * Permission to request roles (which can be requested): Role (IdmRole) | Can be requested | RoleCanBeRequestedEvaluator | ||
* Permission to read contracts according to identity: Industrial relations (IdmIdentityContract) | - | IdentityContractByIdentityEvaluator | * Permission to read contracts according to identity: Industrial relations (IdmIdentityContract) | - | IdentityContractByIdentityEvaluator | ||
* Permission to read other contract positions according to contract: Other contract positions (IdmContractPosition) | - | ContractPositionByIdentityContractEvaluator | * Permission to read other contract positions according to contract: Other contract positions (IdmContractPosition) | - | ContractPositionByIdentityContractEvaluator | ||
Line 314: | Line 317: | ||
* User profile (picture) (IdmProfile) | Displaying in autocomplete, | * User profile (picture) (IdmProfile) | Displaying in autocomplete, | ||
* Users (IdmIdentity) | Displaying in autocomplete, | * Users (IdmIdentity) | Displaying in autocomplete, | ||
- | * Role (IdmRole) | Displaying in autocomplete, | + | * Role (IdmRole) | Displaying in autocomplete, |
* Role catalog (IdmRoleCatalogue) | Displaying in autocomplete, | * Role catalog (IdmRoleCatalogue) | Displaying in autocomplete, | ||
* Industrial relations (IdmIdentityContract) | Displaying in autocomplete, | * Industrial relations (IdmIdentityContract) | Displaying in autocomplete, | ||
Line 327: | Line 330: | ||
If you want to enable the managers of the users to read their subordinates and change their permissions, | If you want to enable the managers of the users to read their subordinates and change their permissions, | ||
* Users (IdmIdentity) | Manage authorizations, | * Users (IdmIdentity) | Manage authorizations, | ||
+ | |||
+ | <note tip>From version 9.7.3 isn't feature manually disabled and manually enabled for user allowed by permission Identity '' | ||
==== Settings of permissions for the Helpdesk role ==== | ==== Settings of permissions for the Helpdesk role ==== |