| Both sides previous revision
Previous revision
Next revision
|
Previous revision
Next revision
Both sides next revision
|
devel:documentation:security:dev:authorization [2020/03/27 08:56]
tomiskar [Secure identity form (extended) attribute values] |
devel:documentation:security:dev:authorization [2020/04/15 06:44]
tomiskar [IdentityContractByIdentityEvaluator] |
| * ''PASSWORDCHANGE'' - permission is evaluated, when identity's password is changed. | * ''PASSWORDCHANGE'' - permission is evaluated, when identity's password is changed. |
| * ''CHANGEPERMISSION'' - permission is evaluated, when identity's permissions is changed => ''CHANGEPERMISSION'' on identity gives permissions ''READ'', ''CREATE'', ''UPDATE'', ''DELETE'' to identity's role requests. | * ''CHANGEPERMISSION'' - permission is evaluated, when identity's permissions is changed => ''CHANGEPERMISSION'' on identity gives permissions ''READ'', ''CREATE'', ''UPDATE'', ''DELETE'' to identity's role requests. |
| | * ''CHANGEPROJECTION'' - @since 10.2.0 - Change identity form projection. |
| * ''MANUALLYDISABLE''- Deactivate identity manually. Enables bulk action and quick dashboard button. | * ''MANUALLYDISABLE''- Deactivate identity manually. Enables bulk action and quick dashboard button. |
| * ''MANUALLYENABLE''- Activate identity manually. Enables bulk action and quick dashboard button. | * ''MANUALLYENABLE''- Activate identity manually. Enables bulk action and quick dashboard button. |
| |
| Gives a permission for industrial relations according to the permission for identity => e.g. if I have a permission to read an identity, I have a permission to read its IR. ''AbstractTransitiveEvaluator'' is used here. | Gives a permission for industrial relations according to the permission for identity => e.g. if I have a permission to read an identity, I have a permission to read its IR. ''AbstractTransitiveEvaluator'' is used here. |
| | |
| | <note warning>Prevent to combine with ''IdentityByContractEvaluator'' - configure one of them. ''IdentityByContractEvaluator'' is more flexibile - contracts can be secured by manager (by tree structure or by guarantee). If ''IdentityRoleByContractEvaluator'' is configured too, then logged identity can see / edit roles assigned to managed contracts only.</note> |
| | |
| | ==== IdentityByContractEvaluator ==== |
| | |
| | @since 10.3.0 |
| | |
| | Gives a permission for identity according to the permission for identity contract => e.g. if I have a permission to read an contract, I have a permission to read its identity. |
| | |
| | <note warning>Prevent to combine with ''IdentityContractByIdentityEvaluator '' - configure one of them. ''IdentityByContractEvaluator'' is more flexibile - contracts can be secured by manager (by tree structure or by guarantee). If ''IdentityRoleByContractEvaluator'' is configured too, then logged identity can see / edit roles assigned to managed contracts only.</note> |
| |
| ==== ContractGuaranteeByIdentityContractEvaluator ==== | ==== ContractGuaranteeByIdentityContractEvaluator ==== |