Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
devel:documentation:security:dev:authorization [2021/06/16 08:38] husniko [RoleGuaranteeEvaluator] |
devel:documentation:security:dev:authorization [2022/03/02 06:38] doischert |
||
---|---|---|---|
Line 36: | Line 36: | ||
* '' | * '' | ||
* '' | * '' | ||
- | * '' | + | * '' |
< | < | ||
* '' | * '' | ||
Line 204: | Line 204: | ||
This evaluator solves both ways (or). | This evaluator solves both ways (or). | ||
- | Evaluator can be used for UC, when role guarantee can assign his roles to users (@since 11.1.0). The authorization policies | + | Evaluator can be used for UC, when role guarantee can assign his roles to users (@since 11.1.0). The authorization policies |
* Permission to work with guaranteed roles: Roles (IdmRole) | View in select box (autocomplete), | * Permission to work with guaranteed roles: Roles (IdmRole) | View in select box (autocomplete), | ||
* Permission to all identities: Users (IdmIdentity) | Read | BasePermissionEvaluator | * Permission to all identities: Users (IdmIdentity) | Read | BasePermissionEvaluator | ||
Line 288: | Line 288: | ||
For show identity-accounts only for identities witch have permissions on the accounts. With this evaluator can user show and edit only identity-accounts where is owner for the accounts. | For show identity-accounts only for identities witch have permissions on the accounts. With this evaluator can user show and edit only identity-accounts where is owner for the accounts. | ||
+ | |||
+ | ==== ReportByReportTypeEvaluator ==== | ||
+ | |||
+ | @since 12.2.0 | ||
+ | Gives currently logged identity permission to work with specified reports. Reports are specified by executor name (e. g., ' | ||
+ | This evaluator limits which report executors are returned as available by ReportManager. For generated reports, the user is able to see EVERY report of the type which was created. | ||
+ | To download a report, a simple READ permission is not enough, a CREATE or ADMIN permission is needed. | ||
==== SelfReportEvaluator ==== | ==== SelfReportEvaluator ==== |