Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
devel:documentation:security:dev:authorization [2020/04/22 11:31]
tomiskar [Settings of permissions of identity basic attributes] 		devel:documentation:security:dev:authorization [2020/04/23 11:37]
tomiskar
Line 121: Line 121:
  
 Gives currently logged user a permission to work with his own identity.  Gives currently logged user a permission to work with his own identity. 
 +
 +==== IdentityByFormProjectionEvaluator ====
 +
 +@since 10.3.0
 +
 +A permission for identities by user type.
 +
 +=== Parameters ===
 +  * **User type** (''form-projection'') - Add permission to selected user type or to default type (user without type is specified).
  
 ==== SubordinatesEvaluator ==== ==== SubordinatesEvaluator ====
Line 236: Line 245:
  
 Gives a permission for code list items according to the permission for the code list => e.g. If I have a permission to read a code list, I have a permission to read its items. Gives a permission for code list items according to the permission for the code list => e.g. If I have a permission to read a code list, I have a permission to read its items.
 +
 +==== CodeListItemByCodeEvaluator ====
 +
 +@since 10.3.0
 +
 +Gives a permission for code list items according to the permission for the code list and item codes.
 +
 +=== Parameters ===
 +  * **Code list** (''codelist'') - Items from selected code list.
 +  * **Items** (''item-codes'') - Add permission to code list items by their codes. All items from selected code list will be used as default (use comma as separator - more item codes are supported).
  
 ==== VsRequestByImplementerEvaluator ==== ==== VsRequestByImplementerEvaluator ====
Line 395: Line 414:
     * Connected systems | Displaying in autocomplete, selections | BasePermissionEvaluator      * Connected systems | Displaying in autocomplete, selections | BasePermissionEvaluator 
     * Scheduler (IdmLongRunningTask) | Displaying in autocomplete, selections | BasePermissionEvaluator     * Scheduler (IdmLongRunningTask) | Displaying in autocomplete, selections | BasePermissionEvaluator
 +    * Code lists (IdmCodeList) | Displaying in autocomplete, selections | BasePermissionEvaluator
 +    * Code lists - items (IdmCodeListItem) | Displaying in autocomplete, selections | [[#codelistitembycodelistevaluator|CodeListItemByCodeListEvaluator]] or [[#codelistitembycodeevaluator|CodeListItemByCodeEvaluator]]
   * Permission to read automatic role requests in workflow approval: Requests for automatic roles (IdmAutomaticRoleRequest) | Read, Update, Create, Delete | AutomaticRoleRequestByWfInvolvedIdentityEvaluator ( It's good to have autocomplete permission to IdmAutomaticRoleAttribute and IdmRoleTreeNode.). The permission is possibly in wrong place.   * Permission to read automatic role requests in workflow approval: Requests for automatic roles (IdmAutomaticRoleRequest) | Read, Update, Create, Delete | AutomaticRoleRequestByWfInvolvedIdentityEvaluator ( It's good to have autocomplete permission to IdmAutomaticRoleAttribute and IdmRoleTreeNode.). The permission is possibly in wrong place.
   * Permission to autocomplete form definitions (eav attributes on detail for identities, roles, etc): Forms - definitions (IdmFormDefinition) | Displaying in autocomplete, selections | BasePermissionEvaluator   * Permission to autocomplete form definitions (eav attributes on detail for identities, roles, etc): Forms - definitions (IdmFormDefinition) | Displaying in autocomplete, selections | BasePermissionEvaluator
  • by koulaj