Differences
This shows you the differences between two versions of the page.
devel:documentation:security:dev:authorization [2020/10/06 15:27] svandav [Default settings of permissions for delegations] |
devel:documentation:security:dev:authorization [2021/06/16 08:38] husniko [RoleGuaranteeEvaluator] |
||
---|---|---|---|
Line 86: | Line 86: | ||
* '' | * '' | ||
+ | * '' | ||
==== Identity role==== | ==== Identity role==== | ||
Line 95: | Line 95: | ||
* '' | * '' | ||
+ | * '' | ||
===== Cache ===== | ===== Cache ===== | ||
Line 202: | Line 203: | ||
This evaluator solves both ways (or). | This evaluator solves both ways (or). | ||
+ | |||
+ | Evaluator can be used for UC, when role guarantee can assign his roles to users (@since 11.1.0). The authorization policies can be set as follows: | ||
+ | * Permission to work with guaranteed roles: Roles (IdmRole) | View in select box (autocomplete), | ||
+ | * Permission to all identities: Users (IdmIdentity) | Read | BasePermissionEvaluator | ||
+ | * Permission to assign new role to all contracts: Contracted positions (IdmIdentityContract) | Can be requested | BasePermissionEvaluator | ||
+ | * Permission to read all assigned roles: Assigned roles (IdmIdentityRole) | - | IdentityRoleByIdentityEvaluator | ||
+ | * Permission to assign guaranteed roles: Assigned roles (IdmIdentityRole) | **Can be requested only:true** | IdentityRoleByRoleEvaluator | ||
==== AuthorizationPolicyByRoleEvaluator ==== | ==== AuthorizationPolicyByRoleEvaluator ==== |
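Review bot: The added policies "Users (IdmIdentity) | Read | BasePermissionEvaluator" and "Contracted positions (IdmIdentityContract) | Can be requested | BasePermissionEvaluator" give a role guarantee read access to all identities and request rights on all contracts, but the text does not say that this breadth is intended. State it explicitly, and say whether the scope can be narrowed, so that administrators who copy the list know what they are exposing. In the first added sentence, spell out "UC" as "use case", and state the column order (entity | permission | evaluator) once before the list. In the two "Assigned roles (IdmIdentityRole)" items the middle column holds "-" in one and "**Can be requested only:true**" in the other; explain whether "-" means no base permission is selected and whether "Can be requested only" is an evaluator parameter rather than a permission.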