Differences

This shows you the differences between two versions of the page.

devel:documentation:security:dev:authorization [2019/11/13 07:39]
tomiskar [Default settings of permissions for an identity profile]
devel:documentation:security:dev:authorization [2020/03/03 15:59]
kopro add tags
Line 1: Line 1:
 ===== Authorization policies ===== ===== Authorization policies =====
  
-{{tag> security authorization role policy }}+{{tag> security authorization role policy default user role permissions }}
  
 An authorization policy determines which permissions a user in CzechIdM has. An authorization policy determines which permissions a user in CzechIdM has.
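Review bot: In the added tag line, `role` now appears twice (`security authorization role policy default user role permissions`). The existing tags are separated by spaces, so "default user role" is read as three separate tags rather than one. If a single multi-word tag was intended, join the words (for example `default_user_role`); otherwise drop the second `role`.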
Line 398: Line 398:
   * Permission to autocomplete main form definition: Forms - definitions (IdmFormDefiniton) | Displaying in autocomplete, selections | UuidEvaluator - enter main definition (for identities) identifier   * Permission to autocomplete main form definition: Forms - definitions (IdmFormDefiniton) | Displaying in autocomplete, selections | UuidEvaluator - enter main definition (for identities) identifier
   * Permission to update phone attribute: Forms - values (IdmIdentityFormValue) | Read, Update | IdentityFormValueEvaluator - select form definition, enter 'phone' as attributes and check logged user only checkbox.   * Permission to update phone attribute: Forms - values (IdmIdentityFormValue) | Read, Update | IdentityFormValueEvaluator - select form definition, enter 'phone' as attributes and check logged user only checkbox.
 +
 +==== Settings which enable skipping of the role approvement ====
 +
 +Assignment of roles is normally approved by the standard [[devel:documentation:role_change|approval process]]. The approval process may be skipped by executing the bulk action for [[tutorial:adm:identities_bulk_actions#roles_assignment|Role assignment]] with unchecked Approve, but only if the user has the following permission:
 +  * Permission to directly execute role requests: Role requests (IdmRoleRequest) | Execute | BasePermissionEvaluator
  
 ===== Employing policies for a new domain type - entity ===== ===== Employing policies for a new domain type - entity =====
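Review bot: The new section "Settings which enable skipping of the role approvement" documents a permission that lets its holder bypass the approval process, but it does not say which roles should carry it. The added bullet grants Execute on IdmRoleRequest through BasePermissionEvaluator, while the two bullets directly above it narrow their grants (UuidEvaluator with a specific identifier, IdentityFormValueEvaluator with the logged user only checkbox), and the new tags on this page mention the default user role. Add a sentence saying that this permission should be given only to roles whose holders are meant to assign roles without approval, and that it should be left out of the default user role. Also, the heading says "approvement" while the body says "approval"; use "approval" in both, and "with the Approve option unchecked" would read more clearly than "with unchecked Approve".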
  • by koulaj