This shows you the differences between two versions of the page.
Both sides previous revision
Previous revision
Next revision
|
Previous revision
|
devel:documentation:security:dev:authorization [2022/08/02 10:06] kucerar add skip cas mention |
devel:documentation:security:dev:authorization [2024/05/28 12:35] (current) koulaj |
* ''BasePermission'' - a base permission; can be added in modules; basic permissions for the IdM core, which are identical for both permissions for access into agendas and for permissions for data: | * ''BasePermission'' - a base permission; can be added in modules; basic permissions for the IdM core, which are identical for both permissions for access into agendas and for permissions for data: |
* ''ADMIN'' - administration - includes all operations ⇒ wildcard - there is no need to list all the operations (see ''IdmAuthorityHierarchy'') | * ''ADMIN'' - administration - includes all operations ⇒ wildcard - there is no need to list all the operations (see ''IdmAuthorityHierarchy'') |
| * ''READONLYADMIN'' - from IdM 13.0.14, universal read permission - includes all passive operations (''AUTOCOMPLETE'', ''COUNT'', ''READ''), applicable for ''APP'' group only, defining user that can view anything in IdM but cannot perform any change (read only administrator) |
* ''COUNT'' - number of records - The number of entities that match the filter. We do not have to have permissions for reading a agenda and details. | * ''COUNT'' - number of records - The number of entities that match the filter. We do not have to have permissions for reading a agenda and details. |
* ''AUTOCOMPLETE'' - displaying of data in the autocomplete. We do not have to have permissions for reading a agenda but we need to select it somewhere from a menu (e.g. when requesting a role we can select it but if we had only this permission, we would not see the role in the role agenda). This permission enables reading a "trimmed" detail (we might limit this). | * ''AUTOCOMPLETE'' - displaying of data in the autocomplete. We do not have to have permissions for reading a agenda but we need to select it somewhere from a menu (e.g. when requesting a role we can select it but if we had only this permission, we would not see the role in the role agenda). This permission enables reading a "trimmed" detail (we might limit this). |