Authorization
Alternative names | Internal privilege, Fine-grained authorization model |
---|---|
Status | supported |
Description
Authorization is a complex permission or privilege that allows midPoint users to access parts of midPoint functionality. It is an internal mechanism for access control inside the midPoint application, its user interface and the services that midPoint exposes. Authorization statements are based on the usual subject-action-object triple used by many authorization systems. However, midPoint extends the basic structure with numerous additional parameters, making the authorization system extremely powerful. Although authorizations are meant to express internal access to midPoint functionality, the authorization mechanism is well integrated with the usual role-based access control (RBAC) mechanism. This integration allows internal midPoint authorizations to be managed using the same familiar mechanisms that are used to manage privileges in external identity resources.
Documentation
Version | Introduction | Guides | Configuration | Examples | Plans |
---|---|---|---|---|---|
4.9 | Authorization |
Development | Authorization |
4.8 | Authorization |
Related Features
Compliance
This feature is related to the following compliance frameworks: