Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
devel:documentation:security:dev:authorization [2020/04/23 09:57]
tomiskar 		devel:documentation:security:dev:authorization [2020/05/04 11:42]
tomiskar [Default settings of permissions for an identity profile]
Line 121: Line 121:
  
 Gives currently logged user a permission to work with his own identity.  Gives currently logged user a permission to work with his own identity. 
 +
 +==== IdentityByFormProjectionEvaluator ====
 +
 +@since 10.3.0
 +
 +A permission for identities by user type.
 +
 +=== Parameters ===
 +  * **User type** (''form-projection'') - Add permission to selected user type or to default type (user without type is specified).
  
 ==== SubordinatesEvaluator ==== ==== SubordinatesEvaluator ====
Line 406: Line 415:
     * Scheduler (IdmLongRunningTask) | Displaying in autocomplete, selections | BasePermissionEvaluator     * Scheduler (IdmLongRunningTask) | Displaying in autocomplete, selections | BasePermissionEvaluator
     * Code lists (IdmCodeList) | Displaying in autocomplete, selections | BasePermissionEvaluator     * Code lists (IdmCodeList) | Displaying in autocomplete, selections | BasePermissionEvaluator
-    * Code lists - items (IdmCodeListItem) | Displaying in autocomplete, selections | CodeListItemByCodeListEvaluator or CodeListItemByCodeEvaluator+    * Code lists - items (IdmCodeListItem) | Displaying in autocomplete, selections | [[#codelistitembycodelistevaluator|CodeListItemByCodeListEvaluator]] or [[#codelistitembycodeevaluator|CodeListItemByCodeEvaluator]]
   * Permission to read automatic role requests in workflow approval: Requests for automatic roles (IdmAutomaticRoleRequest) | Read, Update, Create, Delete | AutomaticRoleRequestByWfInvolvedIdentityEvaluator ( It's good to have autocomplete permission to IdmAutomaticRoleAttribute and IdmRoleTreeNode.). The permission is possibly in wrong place.   * Permission to read automatic role requests in workflow approval: Requests for automatic roles (IdmAutomaticRoleRequest) | Read, Update, Create, Delete | AutomaticRoleRequestByWfInvolvedIdentityEvaluator ( It's good to have autocomplete permission to IdmAutomaticRoleAttribute and IdmRoleTreeNode.). The permission is possibly in wrong place.
   * Permission to autocomplete form definitions (eav attributes on detail for identities, roles, etc): Forms - definitions (IdmFormDefinition) | Displaying in autocomplete, selections | BasePermissionEvaluator   * Permission to autocomplete form definitions (eav attributes on detail for identities, roles, etc): Forms - definitions (IdmFormDefinition) | Displaying in autocomplete, selections | BasePermissionEvaluator
Line 417: Line 426:
  
 If you want to enable the managers of the users to read their subordinates and change their permissions on managed contracts only: If you want to enable the managers of the users to read their subordinates and change their permissions on managed contracts only:
-  * **remove** following **permissions** from the userRole: +  * **change** following **permissions** from the userRole: 
-    * Permission to read contracts according to identity: Industrial relations (IdmIdentityContract) | | **IdentityContractByIdentityEvaluator**+    * Permission to read contracts according to identity: Industrial relations (IdmIdentityContract) | **Use permissions: Read** | **IdentityContractByIdentityEvaluator**
   * **add** following **permissions** to the userRole:   * **add** following **permissions** to the userRole:
     * Users (IdmIdentity) | View in select box (autocomplete), Read | **SubordinatesEvaluator**     * Users (IdmIdentity) | View in select box (autocomplete), Read | **SubordinatesEvaluator**
     * Contracts (IdmIdentityContract) | View in select box (autocomplete), Read, Change roles | **SubordinateContractEvaluator**     * Contracts (IdmIdentityContract) | View in select box (autocomplete), Read, Change roles | **SubordinateContractEvaluator**
-    * Users (IdmIdentity) | - | **IdentityByContractEvaluator** 
     * Assigned roles (IdmIdentityRole) | - | **IdentityRoleByContractEvaluator**     * Assigned roles (IdmIdentityRole) | - | **IdentityRoleByContractEvaluator**
  
  • by koulaj