Both sides previous revision
Previous revision
Next revision
|
Previous revision
Next revision
Both sides next revision
|
devel:documentation:security:dev:authorization [2020/03/30 12:50] tomiskar [Identity] |
devel:documentation:security:dev:authorization [2020/04/15 06:44] tomiskar [IdentityContractByIdentityEvaluator] |
* ''PASSWORDCHANGE'' - permission is evaluated, when identity's password is changed. | * ''PASSWORDCHANGE'' - permission is evaluated, when identity's password is changed. |
* ''CHANGEPERMISSION'' - permission is evaluated, when identity's permissions is changed => ''CHANGEPERMISSION'' on identity gives permissions ''READ'', ''CREATE'', ''UPDATE'', ''DELETE'' to identity's role requests. | * ''CHANGEPERMISSION'' - permission is evaluated, when identity's permissions is changed => ''CHANGEPERMISSION'' on identity gives permissions ''READ'', ''CREATE'', ''UPDATE'', ''DELETE'' to identity's role requests. |
* ''CHANGEPROJECTION'' - @since 10.2.0 - Change identity form projection. | * ''CHANGEPROJECTION'' - @since 10.2.0 - Change identity form projection. |
* ''MANUALLYDISABLE''- Deactivate identity manually. Enables bulk action and quick dashboard button. | * ''MANUALLYDISABLE''- Deactivate identity manually. Enables bulk action and quick dashboard button. |
* ''MANUALLYENABLE''- Activate identity manually. Enables bulk action and quick dashboard button. | * ''MANUALLYENABLE''- Activate identity manually. Enables bulk action and quick dashboard button. |
| |
Gives a permission for industrial relations according to the permission for identity => e.g. if I have a permission to read an identity, I have a permission to read its IR. ''AbstractTransitiveEvaluator'' is used here. | Gives a permission for industrial relations according to the permission for identity => e.g. if I have a permission to read an identity, I have a permission to read its IR. ''AbstractTransitiveEvaluator'' is used here. |
| |
| <note warning>Prevent to combine with ''IdentityByContractEvaluator'' - configure one of them. ''IdentityByContractEvaluator'' is more flexibile - contracts can be secured by manager (by tree structure or by guarantee). If ''IdentityRoleByContractEvaluator'' is configured too, then logged identity can see / edit roles assigned to managed contracts only.</note> |
| |
| ==== IdentityByContractEvaluator ==== |
| |
| @since 10.3.0 |
| |
| Gives a permission for identity according to the permission for identity contract => e.g. if I have a permission to read an contract, I have a permission to read its identity. |
| |
| <note warning>Prevent to combine with ''IdentityContractByIdentityEvaluator '' - configure one of them. ''IdentityByContractEvaluator'' is more flexibile - contracts can be secured by manager (by tree structure or by guarantee). If ''IdentityRoleByContractEvaluator'' is configured too, then logged identity can see / edit roles assigned to managed contracts only.</note> |
| |
==== ContractGuaranteeByIdentityContractEvaluator ==== | ==== ContractGuaranteeByIdentityContractEvaluator ==== |