Differences

This shows you the differences between two versions of the page.

devel:documentation:security:dev:authorization [2020/08/12 12:26]
tomiskar
devel:documentation:security:dev:authorization [2020/10/06 15:25]
svandav [Default settings of permissions for an identity profile]
Line 81: Line 81:
   * ''CHANGEEXTERNALCODE'' - @since 10.3.0 - Change identity personal number.   * ''CHANGEEXTERNALCODE'' - @since 10.3.0 - Change identity personal number.
   * ''CHANGEDESCRIPTION'' - @since 10.3.0 - Change identity description.   * ''CHANGEDESCRIPTION'' - @since 10.3.0 - Change identity description.
 +  * ''SWITCHUSER'' - @since 10.5.0 - logged user can login as selected user (switch user). 
  
 ==== Role==== ==== Role====
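Review bot: the added ''SWITCHUSER'' line does not say which identities the logged user may switch to, or whether the switch is recorded anywhere, and an administrator needs both before granting a permission that lets one account act as another. Add a sentence on how the permission is scoped to the selected identity and how the original login stays traceable. The description should also start with a capital letter like the ''CHANGEEXTERNALCODE'' and ''CHANGEDESCRIPTION'' entries above it, for example "Logged user can log in as the selected user (switch user)."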
Line 409: Line 410:
  
  
-<note important>The business roles are not dealt with within the default role => the user will get what is set for the default role, nothing more.</note>+<note tip>The business roles are supported with the default role => the user will get all authorization policies from default and all sub roles.</note>
  
 ===== Examples of configuration ===== ===== Examples of configuration =====
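Review bot: the rewritten note reverses the documented behaviour (business roles under the default role go from "not dealt with" to "supported") without an ''@since'' marker, so a reader on an older release cannot tell which statement applies to them. Add the version in which sub roles of the default role started to be evaluated. Because the new text says every user gets "all authorization policies from default and all sub roles", the note should also tell administrators to review the composition of the default role when upgrading. "Supported with the default role" would read more clearly as "supported for the default role".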
Line 463: Line 464:
 **With this setting manager will see even other contracts, which not manages** (=> all identity contracts) and can assign role to other contract. This is the reason, why new authorization policies and setting was introduced in version 10.3.0.  **With this setting manager will see even other contracts, which not manages** (=> all identity contracts) and can assign role to other contract. This is the reason, why new authorization policies and setting was introduced in version 10.3.0. 
 </note> </note>
 +
 +==== Default settings of permissions for delegations ====
 +
 +Default settings of permissions for delegations are defined in the role '**Delegation (delegationRole)**'.
 +
 +<note tip>You can see a detailed configuration of evaluators with comments here:
 +[[https://github.com/bcvsolutions/CzechIdMng/blob/c5887f9a96344f5e96e6db7cc8d3da228810ca97/Realization/backend/core/core-impl/src/main/java/eu/bcvsolutions/idm/core/model/event/processor/module/InitDelegationRoleProcessor.java#L106-L202
 +|InitDelegationRoleProcessor]]</note>
  
 ==== Settings of permissions for the Helpdesk role ==== ==== Settings of permissions for the Helpdesk role ====
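Review bot: the new delegations section names the role '**Delegation (delegationRole)**' but lists none of its permissions, unlike the Helpdesk section that follows it, so the reader has to open the Java source to learn what a delegate is granted. List the policies inline in the same "entity | permission | evaluator" form used for the other roles. The link is pinned to one commit with the line range #L106-L202, which will drift from the shipped defaults, and the URL and the |InitDelegationRoleProcessor]] label sit on separate lines, which may break the link when rendered.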
Line 473: Line 482:
   * Permission to see provisioning archive: Provisioning - archive (SysProvisioningArchive) | Read | BasePermissionEvaluator   * Permission to see provisioning archive: Provisioning - archive (SysProvisioningArchive) | Read | BasePermissionEvaluator
  
 +==== Settings of permissions for virtual system implementer  ====
 +
 +The virtual system implementer (~approver) role should have following additional permissions:
 +  * Permission to admin virtual system requests: Requests on virtual systems (VsRequest ) | Administration (all) | VsRequestByImplementerEvaluator
 ==== Default settings of permissions for a role detail ==== ==== Default settings of permissions for a role detail ====
  
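Review bot: the added bullet grants "Administration (all)" on VsRequest without explaining what VsRequestByImplementerEvaluator restricts it to. Add a sentence saying which requests an implementer can administer, since "all" on its own reads as unrestricted. Style points in the same hunk: there is no blank line between the bullet and the following "==== Default settings of permissions for a role detail ====" heading, the new heading has two spaces before its closing "====", "VsRequest )" has a stray space, and "should have following" needs "the".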
  • by koulaj