Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
devel:documentation:security:dev:authorization [2020/03/03 15:59] kopro add tags |
devel:documentation:security:dev:authorization [2020/03/27 08:56] tomiskar [Secure identity form (extended) attribute values] |
||
---|---|---|---|
Line 238: | Line 238: | ||
* **By permission to update user** ('' | * **By permission to update user** ('' | ||
* **By permission to read user** ('' | * **By permission to read user** ('' | ||
+ | |||
+ | ==== IdentityContractFormValueEvaluator ==== | ||
+ | |||
+ | @since 10.2.0 | ||
+ | |||
+ | <note tip> | ||
+ | |||
+ | <note important> | ||
+ | |||
+ | Permissions to contract form attribute values. By definition (main if not specified) and attrinute codes (all if not specified). | ||
+ | Configure permissions for form definitions together with this evaluator - '' | ||
+ | |||
+ | === Parameters === | ||
+ | * **Form definition** ('' | ||
+ | * **Attributes** ('' | ||
+ | * **By permission to update contract** ('' | ||
+ | * **By permission to read contract** ('' | ||
+ | |||
==== RoleCatalogueRoleByRoleEvaluator ==== | ==== RoleCatalogueRoleByRoleEvaluator ==== | ||
Line 394: | Line 412: | ||
==== Secure identity form (extended) attribute values ==== | ==== Secure identity form (extended) attribute values ==== | ||
- | If we want to enable for currently logged identity update only for some form attributes (e.g phone) from some form definition (e.g. from main definition) on identity detail (tab more information), | + | If we want to enable for currently logged identity update only for some form attributes (e.g '' |
* Enable authorization policies support for identity form values by [[..: | * Enable authorization policies support for identity form values by [[..: | ||
* Permission to autocomplete main form definition: Forms - definitions (IdmFormDefiniton) | Displaying in autocomplete, | * Permission to autocomplete main form definition: Forms - definitions (IdmFormDefiniton) | Displaying in autocomplete, | ||
- | * Permission to update phone attribute: Forms - values (IdmIdentityFormValue) | Read, Update | IdentityFormValueEvaluator - select form definition, enter ' | + | * Permission to update |
+ | * and check logged user only checkbox, if currently logged user can edit just itself. Logged user will don't get permissions to edit other users. | ||
+ | |||
+ | ==== Secure contract form (extended) attribute values ==== | ||
+ | |||
+ | If we want to enable for currently logged identity update only for some contract form attributes (e.g. '' | ||
+ | * Permission to autocomplete main form definition: Forms - definitions (IdmFormDefiniton) | Displaying in autocomplete, | ||
+ | * Permission to update '' | ||
==== Settings which enable skipping of the role approvement ==== | ==== Settings which enable skipping of the role approvement ==== |