Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision Both sides next revision
devel:documentation:security:dev:authorization [2020/03/30 12:51]
tomiskar [Identity] 		devel:documentation:security:dev:authorization [2020/04/15 06:44]
tomiskar [IdentityContractByIdentityEvaluator]
Line 119: Line 119:
  
 Gives a permission for industrial relations according to the permission for identity => e.g. if I have a permission to read an identity, I have a permission to read its IR. ''AbstractTransitiveEvaluator'' is used here. Gives a permission for industrial relations according to the permission for identity => e.g. if I have a permission to read an identity, I have a permission to read its IR. ''AbstractTransitiveEvaluator'' is used here.
 +
 +<note warning>Prevent to combine with ''IdentityByContractEvaluator'' - configure one of them. ''IdentityByContractEvaluator'' is more flexibile - contracts can be secured by manager (by tree structure or by guarantee). If ''IdentityRoleByContractEvaluator'' is configured too, then logged identity can see / edit roles assigned to managed contracts only.</note>
 +
 +==== IdentityByContractEvaluator ====
 +
 +@since 10.3.0
 +
 +Gives a permission for identity according to the permission for identity contract => e.g. if I have a permission to read an contract, I have a permission to read its identity.
 +
 +<note warning>Prevent to combine with ''IdentityContractByIdentityEvaluator '' - configure one of them. ''IdentityByContractEvaluator'' is more flexibile - contracts can be secured by manager (by tree structure or by guarantee). If ''IdentityRoleByContractEvaluator'' is configured too, then logged identity can see / edit roles assigned to managed contracts only.</note>
  
 ==== ContractGuaranteeByIdentityContractEvaluator ==== ==== ContractGuaranteeByIdentityContractEvaluator ====
  • by koulaj