Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
devel:documentation:security:dev:authorization [2020/04/21 11:22] tomiskar [Secure identity form (extended) attribute values] |
devel:documentation:security:dev:authorization [2020/04/21 12:04] tomiskar [Default settings of permissions for an identity profile] |
||
---|---|---|---|
Line 384: | Line 384: | ||
* Identity accounts (AccIdentityAccount) | - | IdentityAccountByAccountEvaluator | * Identity accounts (AccIdentityAccount) | - | IdentityAccountByAccountEvaluator | ||
* Connected systems | Displaying in autocomplete, | * Connected systems | Displaying in autocomplete, | ||
- | * Scheduler (IdmLongRunningTask) | Read | BasePermissionEvaluator | + | * Scheduler (IdmLongRunningTask) | Displaying in autocomplete, |
* Permission to read automatic role requests in workflow approval: Requests for automatic roles (IdmAutomaticRoleRequest) | Read, Update, Create, Delete | AutomaticRoleRequestByWfInvolvedIdentityEvaluator ( It's good to have autocomplete permission to IdmAutomaticRoleAttribute and IdmRoleTreeNode.). The permission is possibly in wrong place. | * Permission to read automatic role requests in workflow approval: Requests for automatic roles (IdmAutomaticRoleRequest) | Read, Update, Create, Delete | AutomaticRoleRequestByWfInvolvedIdentityEvaluator ( It's good to have autocomplete permission to IdmAutomaticRoleAttribute and IdmRoleTreeNode.). The permission is possibly in wrong place. | ||
* Permission to autocomplete form definitions (eav attributes on detail for identities, roles, etc): Forms - definitions (IdmFormDefinition) | Displaying in autocomplete, | * Permission to autocomplete form definitions (eav attributes on detail for identities, roles, etc): Forms - definitions (IdmFormDefinition) | Displaying in autocomplete, | ||
Line 448: | Line 448: | ||
* Permission to admin code list extended attributes: Forms - attributes (IdmFormAttribute) | - | [[# | * Permission to admin code list extended attributes: Forms - attributes (IdmFormAttribute) | - | [[# | ||
- | ==== Secure | + | ==== Settings of permissions of identity form (extended) attribute values ==== |
- | If we want to enable for currently logged identity read / update | + | If we want to enable for currently logged identity read / update for some form attributes (e.g '' |
* Permission to autocomplete main form definition: Forms - definitions (IdmFormDefiniton) | Displaying in autocomplete, | * Permission to autocomplete main form definition: Forms - definitions (IdmFormDefiniton) | Displaying in autocomplete, | ||
* Permission to update '' | * Permission to update '' | ||
* and check logged user only checkbox, if currently logged user can edit just itself. Logged user will don't get permissions to edit other users. | * and check logged user only checkbox, if currently logged user can edit just itself. Logged user will don't get permissions to edit other users. | ||
- | ==== Secure | + | ==== Settings of permissions of contract form (extended) attribute values ==== |
- | If we want to enable for currently logged identity update | + | If we want to enable for currently logged identity |
* Permission to autocomplete main form definition: Forms - definitions (IdmFormDefiniton) | Displaying in autocomplete, | * Permission to autocomplete main form definition: Forms - definitions (IdmFormDefiniton) | Displaying in autocomplete, | ||
* Permission to update '' | * Permission to update '' |