Alternative names: Internal privilege, Fine-grained authorization model


An authorization is a complex permission or privilege that allows midPoint users to access parts of midPoint functionality. It is an internal mechanism for access control inside the midPoint application, its user interface, and the services that midPoint exposes. Authorization statements are based on the usual subject-action-object triple used by many authorization systems. However, midPoint extends the basic structure with numerous additional parameters, making the authorization system extremely powerful. Although authorizations are meant to express internal access to midPoint functionality, the authorization mechanism is well integrated with the usual role-based access control (RBAC) mechanism. This integration makes it possible to manage internal midPoint authorizations using the same familiar mechanisms that are used to manage privileges in external identity resources.
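The following role is an added illustration of the subject-action-object triple and its RBAC integration; it is not taken from the midPoint documentation. The role name and authorization names are constructed, and the subject is whoever has the role assigned.

```xml
<!-- Constructed example: a role carrying two authorizations.
     Subject: any user who has this role assigned (the RBAC integration).
     Action:  the action URI.
     Object:  the object specification, here the user's own object. -->
<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
    <name>Self-service contact editor (example)</name>

    <!-- Read access to the user's own object. -->
    <authorization>
        <name>read-self</name>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
        <object>
            <special>self</special>
        </object>
    </authorization>

    <!-- Modify access narrowed to two items, one of the additional
         parameters that extend the basic triple. Everything else on
         the object stays read-only for this subject. -->
    <authorization>
        <name>modify-self-contact-details</name>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action>
        <object>
            <special>self</special>
        </object>
        <item>emailAddress</item>
        <item>telephoneNumber</item>
    </authorization>
</role>
```

Keeping the modify authorization limited to named items follows least privilege: a user holding this role cannot change their own assignments or credentials through it.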

