Differences

This shows you the differences between two versions of the page.

devel:documentation:security:dev:authorization [2022/08/02 10:06]
kucerar add skip cas mention
devel:documentation:security:dev:authorization [2024/05/28 12:32]
koulaj
Line 27: Line 27:
   * ''BasePermission''  - a base permission; can be added in modules; basic permissions for the IdM core, which are identical for both permissions for access into agendas and for permissions for data:   * ''BasePermission''  - a base permission; can be added in modules; basic permissions for the IdM core, which are identical for both permissions for access into agendas and for permissions for data:
       * ''ADMIN''  - administration - includes all operations ⇒ wildcard - there is no need to list all the operations (see ''IdmAuthorityHierarchy'')       * ''ADMIN''  - administration - includes all operations ⇒ wildcard - there is no need to list all the operations (see ''IdmAuthorityHierarchy'')
 +      * ''READONLYADMIN''  - from IdM 13.0.14, universal read permission - includes all passive operations (''AUTOCOMPLETE'', ''COUNT'', ''READ''), applicable for ''APP'' group, defining user that can view anything in IdM but cannot perform any change (read only administrator)
       * ''COUNT''  - number of records - The number of entities that match the filter. We do not have to have permissions for reading a agenda and details.       * ''COUNT''  - number of records - The number of entities that match the filter. We do not have to have permissions for reading a agenda and details.
       * ''AUTOCOMPLETE''  - displaying of data in the autocomplete. We do not have to have permissions for reading a agenda but we need to select it somewhere from a menu (e.g. when requesting a role we can select it but if we had only this permission, we would not see the role in the role agenda). This permission enables reading a "trimmed" detail (we might limit this).       * ''AUTOCOMPLETE''  - displaying of data in the autocomplete. We do not have to have permissions for reading a agenda but we need to select it somewhere from a menu (e.g. when requesting a role we can select it but if we had only this permission, we would not see the role in the role agenda). This permission enables reading a "trimmed" detail (we might limit this).
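Review bot: the added ''READONLYADMIN'' entry says it is "applicable for ''APP'' group" but does not state what happens when the permission is granted on any other group, and unlike the ''ADMIN'' entry directly above it (which points to ''IdmAuthorityHierarchy'') it gives no reference for where the implied operations ''AUTOCOMPLETE'', ''COUNT'' and ''READ'' are resolved. Suggest saying explicitly whether the permission only takes effect on ''APP'' and adding the same kind of pointer the ''ADMIN'' line has. Because the entry describes a user who "can view anything in IdM", one more sentence noting that this grant exposes all readable data, and so deserves the same care in assignment as ''ADMIN'', would help readers who take "read only" to mean low privilege. Minor wording: "defining user that can view" reads more clearly as "it defines a user who can view".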
  • by koulaj