Service Authorizations

Last modified 21 Feb 2024 20:37 +01:00

REST Service Authorizations

ID Action Allows access to

1

http://midpoint.evolveum.com/xml/ns/public/security/authorization-rest-3#all

All operations

2

http://midpoint.evolveum.com/xml/ns/public/security/authorization-rest-3#<operation>

Access to specific REST operation. The URI fragments of individual operations are present in their description: on pages devoted to individual operations, e.g., Search Operation. These authorizations do not check for any specific objects, e.g., an object that is going to be retrieved or modified by the operation. They are just "yes/no" authorizations for the operation itself.

3

http://midpoint.evolveum.com/xml/ns/public/security/authorization-rest-3#proxy

Authorizes the impersonation.

Service Authorizations and Object Authorizations

REST authorizations are necessary, but not sufficient condition to allow access to data in midPoint. These authorizations are just the "first line" of defense. The user needs to have these authorizations to invoke the service operation. But this authorization does not give access to any data. For practical use-cases the user must also have ordinary (object) authorizations such as read, add, modify or delete to access any midPoint data. Without these authorizations the REST authorizations are almost useless.

See Also

Was this page helpful?
YES NO
Thanks for your feedback