Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | |||
tutorial:adm:add_permissions [2018/12/28 10:04] kotisovam |
tutorial:adm:add_permissions [2018/12/28 10:04] (current) kotisovam |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Permissions setting for a role ====== | ||
+ | Look up a role you wish to assign a permission to and open its detail - **Roles -> Role detail**. Then continue to the **Permissions** tab. | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | To add permissions for actions in CzechIdM to a role, click on the Add button. The following attributes can then be set: | ||
+ | {{ : | ||
+ | |||
+ | The following attributes can be set: | ||
+ | |||
+ | * **Role (Read Only)** – the name of the role, whose permission for CzechIdM you would like to change. | ||
+ | * **Entity type** – A form in GUI of an object type in CzechIdM, for which you would like to edit the permission. For example, to add the permission to display the audit logs to the holder of the role, select the item Audit. | ||
+ | * **Permission** – The type of permission which you would like to assign to the holder of the role for an agenda / entity selected in the previous step. The typical permissions are reading/ | ||
+ | * **Order** – If the user has more permissions from more roles, the order is determined by the order of evaluations of these permissions. The logical principle of **or** is applied. If the user has role A, which permits reading subordinates, | ||
+ | * **Description** – an optional description | ||
+ | * **Inactive** – a permission marked this way will not be valid upon saving. This selection is used mainly when you would like to prepare a set of permissions with a future starting date of validity, for instance. | ||
+ | * **Evaluator type** – This item is sometimes called the **evaluator** as well. Evaluators are used to delimit a group of objects (Agenda / Entity type), for which the holders of the role get a permission. If the chosen entity type is Users (IdMIdentity), |