Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | Next revision Both sides next revision | ||
|
devel:documentation:security:dev:authorization [2021/06/11 06:29] 127.0.0.1 external edit |
devel:documentation:security:dev:authorization [2021/06/11 06:46] 127.0.0.1 external edit |
||
|---|---|---|---|
| Line 203: | Line 203: | ||
| This evaluator solves both ways (or). | This evaluator solves both ways (or). | ||
| + | |||
| + | Evaluator can be used for UC, when role guarantee can assign his roles to users (@since 11.1.0). The authorization policies can be set as follows: | ||
| + | * Permission to work with guaranteed roles: Roles (IdmRole) | View in select box (autocomplete), | ||
| + | * Permission to all identities: Users (IdmIdentity) | Read | BasePermissionEvaluator | ||
| + | * Permission to assign new role to all contracts: Contracted positions (IdmIdentityContract) | Can be requested | BasePermissionEvaluator | ||
| + | * Permission to read all assigned roles: Assigned roles (IdmIdentityRole) | - | IdentityRoleByIdentityEvaluator | ||
| + | * Permission to assign guaranteed roles: Assigned roles (IdmIdentityRole) | **Can be requested only:true** | IdentityRoleByRoleEvaluator | ||
| ==== AuthorizationPolicyByRoleEvaluator ==== | ==== AuthorizationPolicyByRoleEvaluator ==== | ||