Differences

This shows you the differences between two versions of the page.

devel:documentation:security:dev:authorization [2022/08/02 10:06]
kucerar add skip cas mention
devel:documentation:security:dev:authorization [2024/05/28 12:35]
koulaj
Line 27: Line 27:
   * ''BasePermission''  - a base permission; can be added in modules; basic permissions for the IdM core, which are identical for both permissions for access into agendas and for permissions for data:   * ''BasePermission''  - a base permission; can be added in modules; basic permissions for the IdM core, which are identical for both permissions for access into agendas and for permissions for data:
       * ''ADMIN''  - administration - includes all operations ⇒ wildcard - there is no need to list all the operations (see ''IdmAuthorityHierarchy'')       * ''ADMIN''  - administration - includes all operations ⇒ wildcard - there is no need to list all the operations (see ''IdmAuthorityHierarchy'')
 +      * ''READONLYADMIN''  - from IdM 13.0.14, universal read permission - includes all passive operations (''AUTOCOMPLETE'', ''COUNT'', ''READ''), applicable for ''APP'' group only, defining user that can view anything in IdM but cannot perform any change (read only administrator)
       * ''COUNT''  - number of records - The number of entities that match the filter. We do not have to have permissions for reading a agenda and details.       * ''COUNT''  - number of records - The number of entities that match the filter. We do not have to have permissions for reading a agenda and details.
       * ''AUTOCOMPLETE''  - displaying of data in the autocomplete. We do not have to have permissions for reading a agenda but we need to select it somewhere from a menu (e.g. when requesting a role we can select it but if we had only this permission, we would not see the role in the role agenda). This permission enables reading a "trimmed" detail (we might limit this).       * ''AUTOCOMPLETE''  - displaying of data in the autocomplete. We do not have to have permissions for reading a agenda but we need to select it somewhere from a menu (e.g. when requesting a role we can select it but if we had only this permission, we would not see the role in the role agenda). This permission enables reading a "trimmed" detail (we might limit this).
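Review bot: the added ''READONLYADMIN'' entry says the permission is "applicable for ''APP'' group only" but does not say what happens when it is assigned to any other group, and unlike the ''ADMIN'' entry above it carries no pointer to ''IdmAuthorityHierarchy'' for how the implied operations are resolved. Suggest stating whether the three listed operations (''AUTOCOMPLETE'', ''COUNT'', ''READ'') are expanded through the same hierarchy as ''ADMIN'', and what the behaviour is outside ''APP''. Since the entry describes a user who "can view anything in IdM", it would also help to say so as plainly as the ''ADMIN'' entry says "includes all operations", so that readers treat the grant as read access to all data rather than as a low-privilege role. Minor: "defining user that can view" reads better as "defines a user who can view", and because the entry refers to ''COUNT'' and ''AUTOCOMPLETE'' before they are described, consider placing it after those items (and after ''READ'', if the list has one).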
  • by koulaj