Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
devel:documentation:security:dev:authorization [2020/08/12 10:47]
tomiskar 		devel:documentation:security:dev:authorization [2020/08/25 10:44]
tomiskar [Default policies]
Line 81: Line 81:
   * ''CHANGEEXTERNALCODE'' - @since 10.3.0 - Change identity personal number.   * ''CHANGEEXTERNALCODE'' - @since 10.3.0 - Change identity personal number.
   * ''CHANGEDESCRIPTION'' - @since 10.3.0 - Change identity description.   * ''CHANGEDESCRIPTION'' - @since 10.3.0 - Change identity description.
 +  * ''SWITCHUSER'' - @since 10.5.0 - logged user can login as selected user (switch user). 
  
 ==== Role==== ==== Role====
Line 409: Line 410:
  
  
-<note important>The business roles are not dealt with within the default role => the user will get what is set for the default role, nothing more.</note>+<note tip>The business roles are supported with the default role => the user will get all authorization policies from default and all sub roles.</note>
  
 ===== Examples of configuration ===== ===== Examples of configuration =====
Line 473: Line 474:
   * Permission to see provisioning archive: Provisioning - archive (SysProvisioningArchive) | Read | BasePermissionEvaluator   * Permission to see provisioning archive: Provisioning - archive (SysProvisioningArchive) | Read | BasePermissionEvaluator
  
 +==== Settings of permissions for virtual system implementer  ====
 +
 +The virtual system implementer (~approver) role should have following additional permissions:
 +  * Permission to admin virtual system requests: Requests on virtual systems (VsRequest ) | Administration (all) | VsRequestByImplementerEvaluator
 ==== Default settings of permissions for a role detail ==== ==== Default settings of permissions for a role detail ====
  
Line 496: Line 501:
     * Business roles definition (IdmRoleComposition) | - | [[#RoleCompositionBySuperiorRoleEvaluator]]     * Business roles definition (IdmRoleComposition) | - | [[#RoleCompositionBySuperiorRoleEvaluator]]
     * Business roles definition (IdmRoleComposition) | - | [[#RoleCompositionBySubRoleEvaluator]]     * Business roles definition (IdmRoleComposition) | - | [[#RoleCompositionBySubRoleEvaluator]]
 +  * Permission to autocomplete form definitions: Forms - definitions (IdmFormDefiniton) | Displaying in autocomplete, selections | BasePermissionEvaluator
   * Role attributes (subdefnition) (IdmRoleFormAttribute) | - | RoleFormAttributeByRoleEvaluator   * Role attributes (subdefnition) (IdmRoleFormAttribute) | - | RoleFormAttributeByRoleEvaluator
  
  • by koulaj