Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
devel:documentation:security:dev:authorization [2020/08/11 10:27] tomiskar [Default settings of permissions for an identity profile] |
devel:documentation:security:dev:authorization [2020/08/12 10:08] tomiskar [Default settings of permissions for an identity profile] |
||
|---|---|---|---|
| Line 421: | Line 421: | ||
| * Permission to read the assigned identity roles: Roles assigned to users (IdmIdentityRole)| - | IdentityRoleByIdentityEvaluator | * Permission to read the assigned identity roles: Roles assigned to users (IdmIdentityRole)| - | IdentityRoleByIdentityEvaluator | ||
| * Permission to request roles (which can be requested): Role (IdmRole) | Can be requested | RoleCanBeRequestedEvaluator (since the version 9.7.12) | * Permission to request roles (which can be requested): Role (IdmRole) | Can be requested | RoleCanBeRequestedEvaluator (since the version 9.7.12) | ||
| - | * Permission to request roles by copy them from other identity (which can be requested): Assigned roles (IdmIdentityRole) | Can be requested only:true | IdentityRoleByRoleEvaluator | + | * Permission to request roles by copy them from other identity (which can be requested): Assigned roles (IdmIdentityRole) | **Can be requested only: true** | IdentityRoleByRoleEvaluator |
| - | * Permission to read contracts according to identity: Industrial relations (IdmIdentityContract) | - | IdentityContractByIdentityEvaluator | + | * Permission to read contracts according to identity: Industrial relations (IdmIdentityContract) | **Use permissions: |
| * Permission to read other contract positions according to contract: Other contract positions (IdmContractPosition) | - | ContractPositionByIdentityContractEvaluator | * Permission to read other contract positions according to contract: Other contract positions (IdmContractPosition) | - | ContractPositionByIdentityContractEvaluator | ||
| * Permission to read guarantees of IR: Industrial relation guarantees (IdmContractGuarantee) | - | ContractGuaranteeByIdentityContractEvaluator | * Permission to read guarantees of IR: Industrial relation guarantees (IdmContractGuarantee) | - | ContractGuaranteeByIdentityContractEvaluator | ||
| Line 444: | Line 444: | ||
| * Code lists (IdmCodeList) | Displaying in autocomplete, | * Code lists (IdmCodeList) | Displaying in autocomplete, | ||
| * Code lists - items (IdmCodeListItem) | Displaying in autocomplete, | * Code lists - items (IdmCodeListItem) | Displaying in autocomplete, | ||
| - | * Permission to autocomplete form definitions (eav attributes on detail for identities, roles, etc): Forms - definitions (IdmFormDefinition) | Displaying in autocomplete, | ||
| * Permission to read automatic role requests in workflow approval: Requests for automatic roles (IdmAutomaticRoleRequest) | Read, Update | AutomaticRoleRequestByWfInvolvedIdentityEvaluator. For create new or delete an automatic role request add another evaluator (for example BasePermissionEvaluator to choosed users). Add also autocomplete permission to IdmAutomaticRoleAttribute (if you use automatic roles by attributes) and IdmRoleTreeNode (if you use automatic roles by organizations.). | * Permission to read automatic role requests in workflow approval: Requests for automatic roles (IdmAutomaticRoleRequest) | Read, Update | AutomaticRoleRequestByWfInvolvedIdentityEvaluator. For create new or delete an automatic role request add another evaluator (for example BasePermissionEvaluator to choosed users). Add also autocomplete permission to IdmAutomaticRoleAttribute (if you use automatic roles by attributes) and IdmRoleTreeNode (if you use automatic roles by organizations.). | ||
| * Permission to read and solve one's requests on virtual systems: Requests on virtual systems (VsRequest) | Administration | VsRequestByImplementerEvaluator ([[tutorial: | * Permission to read and solve one's requests on virtual systems: Requests on virtual systems (VsRequest) | Administration | VsRequestByImplementerEvaluator ([[tutorial: | ||
| Line 455: | Line 454: | ||
| If you want to enable the managers of the users to read their subordinates and change their permissions on managed contracts only: | If you want to enable the managers of the users to read their subordinates and change their permissions on managed contracts only: | ||
| - | * **change** following **permissions** from the userRole: | ||
| - | * Permission to read contracts according to identity: Industrial relations (IdmIdentityContract) | **Use permissions: | ||
| * **add** following **permissions** to the userRole: | * **add** following **permissions** to the userRole: | ||
| * Users (IdmIdentity) | View in select box (autocomplete), | * Users (IdmIdentity) | View in select box (autocomplete), | ||
| Line 462: | Line 459: | ||
| * Assigned roles (IdmIdentityRole) | - | **IdentityRoleByContractEvaluator** | * Assigned roles (IdmIdentityRole) | - | **IdentityRoleByContractEvaluator** | ||
| - | <note tip>This configuration is available from version 10.3.0. If you are using some older version, | + | <note tip>This configuration is available from version 10.3.0. If you are using some older version, add one permission instead: |
| * Users (IdmIdentity) | View in select box (autocomplete), | * Users (IdmIdentity) | View in select box (autocomplete), | ||