Service Authorizations
REST Service Authorizations
ID | Action | Allows access to |
---|---|---|
1 | | All operations |
2 | | Access to a specific REST operation. The URI fragment for each operation is given in its description, on the page devoted to that operation (e.g., Search Operation). These authorizations do not check for any specific objects, e.g., an object that is going to be retrieved or modified by the operation. They are just "yes/no" authorizations for the operation itself. |
3 | | Authorizes the impersonation. |
Service Authorizations and Object Authorizations
REST authorizations are a necessary, but not sufficient, condition for access to data in midPoint. They are only the "first line" of defense: the user needs them to invoke the service operation, but they do not give access to any data. For practical use cases the user must also have ordinary (object) authorizations such as read, add, modify or delete to access any midPoint data. Without those object authorizations, the REST authorizations are almost useless.
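The two layers side by side, as an added example that is not part of the original page: a role holding only a REST authorization next to a role that pairs it with a narrowly scoped object authorization. Role names, the chosen items and the `searchObjects` fragment are assumptions, and the action URIs are midPoint's REST and model authorization namespaces as commonly documented, so confirm them against the operation pages for your version.

```xml
<!-- Added example (constructed roles). Action URIs are assumed, not taken
     from the page above; verify them for your midPoint version. -->
<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">

    <!-- Insufficient on its own: the holder passes the yes/no check for the
         search operation, but no object authorization grants any data. -->
    <role>
        <name>Example REST Search Only</name>
        <authorization>
            <name>rest-search</name>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-rest-3#searchObjects</action>
        </authorization>
    </role>

    <!-- Usable and least-privilege: one REST operation, plus read access
         limited to users and to two items. -->
    <role>
        <name>Example REST User Reader</name>
        <!-- First line of defense: may invoke the search operation. -->
        <authorization>
            <name>rest-search</name>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-rest-3#searchObjects</action>
        </authorization>
        <!-- Object authorization: what data the operation may return. -->
        <authorization>
            <name>read-user-names</name>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
            <object>
                <type>UserType</type>
            </object>
            <item>name</item>
            <item>fullName</item>
        </authorization>
    </role>

</objects>
```

When reviewing roles, treat the "all operations" REST authorization as a broad grant and check that every REST authorization is matched by object authorizations no wider than the integration needs.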