Differences

This shows you the differences between two versions of the page.

devel:documentation:security:dev:authorization [2019/11/13 07:28]
tomiskar [IdentityRoleByRoleEvaluator]
devel:documentation:security:dev:authorization [2019/11/13 07:39]
tomiskar [Default settings of permissions for an identity profile]
Line 79: Line 79:
  
   * ''CANBEREQUESTED'' - role, which can be requested. Used in role request and bulk actions for assign role.   * ''CANBEREQUESTED'' - role, which can be requested. Used in role request and bulk actions for assign role.
 +
 +
 +==== Identity role====
 +
 +  * ''CANBEREQUESTED'' - role, which can be requested. Used in copying assigned roles by other identity.
  
 ===== Base authorization evaluators ===== ===== Base authorization evaluators =====
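
Review bot: The description under the new "Identity role" heading reuses the Role wording ("role, which can be requested"), so it does not say that CANBEREQUESTED is evaluated here on an assigned role, nor whose assigned roles are meant by "by other identity". Suggest wording along the lines of "assigned role, which can be copied into a role request from another identity". The heading also lacks the space before the closing marker ("==== Identity role====", where the neighbouring headings use "===== Base authorization evaluators ====="), and the two empty added lines before it can be dropped.
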
Line 318: Line 323:
   * Permission to read the assigned identity roles: Roles assigned to users (IdmIdentityRole)| - | IdentityRoleByIdentityEvaluator   * Permission to read the assigned identity roles: Roles assigned to users (IdmIdentityRole)| - | IdentityRoleByIdentityEvaluator
   * Permission to request roles (which can be requested): Role (IdmRole) | Can be requested | RoleCanBeRequestedEvaluator   * Permission to request roles (which can be requested): Role (IdmRole) | Can be requested | RoleCanBeRequestedEvaluator
 +  * Permission to request roles by copy them from other identity (which can be requested): Assigned roles (IdmIdentityRole) | Can be requested | RoleCanBeRequestedEvaluator (since the version 9.7.12)
   * Permission to read contracts according to identity: Industrial relations (IdmIdentityContract) | - | IdentityContractByIdentityEvaluator   * Permission to read contracts according to identity: Industrial relations (IdmIdentityContract) | - | IdentityContractByIdentityEvaluator
   * Permission to read other contract positions according to contract: Other contract positions (IdmContractPosition) | - | ContractPositionByIdentityContractEvaluator   * Permission to read other contract positions according to contract: Other contract positions (IdmContractPosition) | - | ContractPositionByIdentityContractEvaluator
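
Review bot: The added bullet lists RoleCanBeRequestedEvaluator for Assigned roles (IdmIdentityRole), the same evaluator the bullet above it lists for Role (IdmRole). Please confirm that this evaluator is the one to configure on IdmIdentityRole; the preceding revision of this page edited the IdentityRoleByRoleEvaluator section, so if that is the intended evaluator the name here should be changed. An administrator copying this default profile would otherwise set up the permission with the wrong evaluator. Minor: "by copy them from other identity" should read "by copying them from another identity".
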
Line 344: Line 350:
  
 <note tip>From version 9.7.3 isn't feature manually disabled and manually enabled for user allowed by permission Identity ''UPDATE''. But exits own permissions for each operation (''MANUALLYDISABLE'' or ''MANUALLYENABLE'')</note> <note tip>From version 9.7.3 isn't feature manually disabled and manually enabled for user allowed by permission Identity ''UPDATE''. But exits own permissions for each operation (''MANUALLYDISABLE'' or ''MANUALLYENABLE'')</note>
 +
 +<note tip>From version 9.7.12 it's required ''CANBEREQUESTED'' permission for copying roles into request by other identity.</note>
  
 ==== Settings of permissions for the Helpdesk role ==== ==== Settings of permissions for the Helpdesk role ====
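
Review bot: The new 9.7.12 note does not name the entity on which CANBEREQUESTED has to be granted, while the other two hunks place it on Identity role (IdmIdentityRole); without that, a reader can take it for the existing Role permission. Suggest naming the entity in the note. Since the note describes a permission that becomes required from a given version, it should also say whether profiles set up before 9.7.12 need the permission added for copying to keep working, and the "important" note type would fit such a change better than "tip".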
  • by koulaj