Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision Both sides next revision
devel:documentation:security:dev:authorization [2019/08/22 06:52]
tomiskar [Authorization policies] 		devel:documentation:security:dev:authorization [2019/11/13 07:19]
tomiskar [IdentityRoleByIdentityEvaluator]
Line 121: Line 121:
  
 Gives a permission for assigned roles according to the permission for the identity => e.g. If I have a permission to read an identity, I have a permission to read its assigned roles. ''AbstractTransitiveEvaluator'' is used here. If I have a permission to edit the identity, I have a permission to edit (add or delete) its assigned roles. Gives a permission for assigned roles according to the permission for the identity => e.g. If I have a permission to read an identity, I have a permission to read its assigned roles. ''AbstractTransitiveEvaluator'' is used here. If I have a permission to edit the identity, I have a permission to edit (add or delete) its assigned roles.
 +
 +==== IdentityRoleByRoleEvaluator ====
 +
 +@since 9.7.12
 +
 +Gives a permission for assigned roles according to the permission for the role definition => e.g. If I have a permission to read an role, I have a permission to read its assigned roles. ''AbstractTransitiveEvaluator'' is used here. If I have a permission to edit the role, I have a permission to edit its assigned roles.
 +It's usable mainly with can be requested permission - enables copying assigned roles from other identity.
 +
 +=== Parameters ===
 +  * **Can be requested only** (''can-be-requested-only'') - Add permission for role requests only (can be requested). Usable, when assigned roles need to be copied from another user. **Other permissions will not be added.**
  
  
  • by koulaj