Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision Both sides next revision
devel:documentation:security:dev:authorization [2020/03/26 20:05]
tomiskar [IdentityFormValueEvaluator] 		devel:documentation:security:dev:authorization [2020/03/27 08:56]
tomiskar [Secure identity form (extended) attribute values]
Line 412: Line 412:
 ==== Secure identity form (extended) attribute values ==== ==== Secure identity form (extended) attribute values ====
  
-If we want to enable for currently logged identity update only for some form attributes (e.g phone) from some form definition (e.g. from main definition) on identity detail (tab more information), the authorization policies can be set as follows:+If we want to enable for currently logged identity update only for some form attributes (e.g ''phone'') from some form definition (e.g. from main definition) on identity detail (tab more information), the authorization policies can be set as follows:
   * Enable authorization policies support for identity form values by [[..:..:application_configuration:dev:backend#identity|configuration]].   * Enable authorization policies support for identity form values by [[..:..:application_configuration:dev:backend#identity|configuration]].
   * Permission to autocomplete main form definition: Forms - definitions (IdmFormDefiniton) | Displaying in autocomplete, selections | UuidEvaluator - enter main definition (for identities) identifier   * Permission to autocomplete main form definition: Forms - definitions (IdmFormDefiniton) | Displaying in autocomplete, selections | UuidEvaluator - enter main definition (for identities) identifier
-  * Permission to update phone attribute: Forms - values (IdmIdentityFormValue) | Read, Update | IdentityFormValueEvaluator - select form definition, enter 'phone' as attributes and check logged user only checkbox.+  * Permission to update ''phone'' attribute: Forms - values (IdmIdentityFormValue) | Read, Update | IdentityFormValueEvaluator - select form definition same as above, enter ''phone'' as attributes 
 +  * and check logged user only checkbox, if currently logged user can edit just itself. Logged user will don't get permissions to edit other users. 
 + 
 +==== Secure contract form (extended) attribute values ==== 
 + 
 +If we want to enable for currently logged identity update only for some contract form attributes (e.g. ''other manager'') from some form definition (e.g. from main definition) on contract detail (tab more information), the authorization policies have to be be set as follows: 
 +  * Permission to autocomplete main form definition: Forms - definitions (IdmFormDefiniton) | Displaying in autocomplete, selections | UuidEvaluator - enter main definition (for contracts) identifier 
 +  * Permission to update ''other manager'' attribute: Forms - values (IdmIdentityContractFormValue) | Read, Update | IdentityContractFormValueEvaluator - select form definition same as above and enter ''other manager'' as attributes. 
  
 ==== Settings which enable skipping of the role approvement ==== ==== Settings which enable skipping of the role approvement ====
  • by koulaj