Differences

This shows you the differences between two versions of the page.

--- devel:documentation:security:dev:authorization [2020/04/23 09:59]
tomiskar [Default settings of permissions for an identity profile]
+++ devel:documentation:security:dev:authorization [2020/05/04 11:43]
tomiskar
@@ Line 121: / Line 121: @@
 Gives currently logged user a permission to work with his own identity.
+==== IdentityByFormProjectionEvaluator ====
+@since 10.3.0
+A permission for identities by user type.
+=== Parameters ===
+  * **User type** (''form-projection'') - Add permission to selected user type or to default type (user without type is specified).
 ==== SubordinatesEvaluator ====
@@ Line 136: / Line 145: @@
 Gives a permission for industrial relations according to the permission for identity => e.g. if I have a permission to read an identity, I have a permission to read its IR. ''AbstractTransitiveEvaluator'' is used here.
-<note warning>Prevent to combine with ''IdentityByContractEvaluator'' - configure one of them. ''IdentityByContractEvaluator'' is more flexibile - contracts can be secured by manager (by tree structure or by guarantee). If ''IdentityRoleByContractEvaluator'' is configured too, then logged identity can see / edit roles assigned to managed contracts only.</note>
+<note warning>Prevent to combine with ''IdentityByContractEvaluator'' - configure one of them.</note>
 ==== IdentityByContractEvaluator ====
@@ Line 144: / Line 153: @@
 Gives a permission for identity according to the permission for identity contract => e.g. if I have a permission to read an contract, I have a permission to read its identity.
-<note warning>Prevent to combine with ''IdentityContractByIdentityEvaluator '' - configure one of them. ''IdentityByContractEvaluator'' is more flexibile - contracts can be secured by manager (by tree structure or by guarantee). If ''IdentityRoleByContractEvaluator'' is configured too, then logged identity can see / edit roles assigned to managed contracts only.</note>
+<note warning>Prevent to combine with ''IdentityContractByIdentityEvaluator '' - configure one of them.</note>
 ==== ContractGuaranteeByIdentityContractEvaluator ====
@@ Line 417: / Line 426: @@
 If you want to enable the managers of the users to read their subordinates and change their permissions on managed contracts only:
-  * **remove** following **permissions** from the userRole:
+  * **change** following **permissions** from the userRole:
-    * Permission to read contracts according to identity: Industrial relations (IdmIdentityContract) | - | **IdentityContractByIdentityEvaluator**
+    * Permission to read contracts according to identity: Industrial relations (IdmIdentityContract) | **Use permissions: Read** | **IdentityContractByIdentityEvaluator**
   * **add** following **permissions** to the userRole:
     * Users (IdmIdentity)	| View in select box (autocomplete), Read | **SubordinatesEvaluator**
     * Contracts (IdmIdentityContract)	| View in select box (autocomplete), Read, Change roles | **SubordinateContractEvaluator**
-    * Users (IdmIdentity)	| - | **IdentityByContractEvaluator**
     * Assigned roles (IdmIdentityRole) | - | **IdentityRoleByContractEvaluator**