GUI Authorizations

Last modified 19 Jun 2024 15:02 +02:00

In the midPoint, we now support these GUI actions:

Overall Administration Actions

Action Allowed access to page Note

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#all

All GUI pages

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#home

Administration dashboard (including the actions)

covers also #dashboard and #myPasswords

All administration pages for users (including the actions)

All administration pages for resources (including the actions)

All administration pages for roles (including the actions)

All administration configuration pages (including the actions)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#allWorkItems

All administration pages for work items (including the actions)

Since 4.0

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#reportsAll

All administration pages for reports (including the actions)

All administration pages for tasks (including the actions)

All administration pages for org. structure (including the actions)

All pages for access certification (including actions)

Since 3.4

All pages for archetypes

Since 4.0

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssign

Assign menu item authorization on the Assignment tab

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassign

Unassign menu item authorization on the Assignment tab

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassignAllMembers

Unassign all members menu item authorization on the Assignment tab

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#previewChanges

Authorization required to access preview changes page. The authorization is also check while deciding if previewButton should be shown.

Since 4.1

Administration Dashboard Actions

Action Allowed access to page Note

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#dashboard

Administration dashboard

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#myPasswords

My passwords

Page removed in 3.3, see self-service credentials page instead

User actions

Role actions

Action Allowed access to page Note

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#roles

List roles

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#role

Create role

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#roleDetails

Details of role (including editing)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssignMember

Assign/manage role members (role/service/policy details, "Members" tab)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAddMember

Create new member (role/service/policy details, "Members" tab)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassignMember

Unassign member (role/service/policy details, "Members" tab)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminRecomputeMember

Recompute member (role/service/policy details, "Members" tab)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssignGovernance

Assign member (role/service/policy details, "Governance" tab)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassignGovernance

Unssign member (role/service/policy details, "Governance" tab)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAddGovernance

Create new member (role/service/policy details, "Governance" tab)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#rolesView

Showing menu items for views that are configured for roles.

Since 4.0.1

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#roleHistory

Role historical data viewer page. The authorization check is also performed to determine whether the "View object data" button should be displayed on the history page.

Organization actions

Action Allowed access to page Note

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgAll

TODO: #orgTree + #orgStruct?

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTree

Org tree hierarchy

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnit

Org. unit details (including editing) and New org. link (based on #read, #modify, #add and #delete model authorizations)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssignOrgMember

Authorization for Assign menu item on the org Managers and Members panels (e.g. Assign Managers, Assign Members)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassignOrgMember

Authorization for Unassign menu item on the org Managers and Members panels (e.g. Unassign selected members)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAddOrgMember

Authorization for Create menu item on the org Managers and Members panels (e.g. Create manager, Create member)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminDeleteOrgMember

Authorization for Delete menu item on the org Managers and Members panels (e.g. Delete all managers, Delete member, Delete all (focus) members)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminRecomputeOrgMember

Authorization for Recompute menu item on the org Managers and Members panels (e.g. Recompute all managers, Recompute selected members, Recompute direct members, Recompute all members)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminOrgMove

Authorization for Move organization menu item

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminOrgMakeRoot

Authorization for Make root organization menu item

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnitHistory

Org unit historical data viewer page. The authorization check is also performed to determine whether the "View object data" button should be displayed on the history page.

Service actions

Action Allowed access to page Note

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#services

List services

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#service

Create service

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#serviceDetails

Details of service

Since 4.4.2

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#serviceHistory

Service historical data viewer page. The authorization check is also performed to determine whether the "View object data" button should be displayed on the history page.

Policy actions

Action Allowed access to page Note

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#policiesAll

All actions related to policies

Since 4.9

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#policies

List policies

Since 4.9

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#policy

Create policy

Since 4.9

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#policyDetails

Details of policy

Since 4.9

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#policyHistory

Policy historical data viewer page. The authorization check is also performed to determine whether the "View object data" button should be displayed on the history page.

Since 4.9

Case actions

Action Allowed access to page Note

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#cases

All cases. If only this authorization is defined, no views (My Cases, All Approvals) will be shown in the sidebar menu.

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#casesView

Showing menu items for views that are configured for cases.

Access certification actions

Please see Access Certification Security for detailed list.

Focal object tabs authorizations

Display of object detail tabs is not controlled by authorizations. Admin GUI Configuration is used to control this behavior.

Was this page helpful?
YES NO
Thanks for your feedback