GUI Authorizations

Last modified 22 Apr 2021 18:14 +02:00

In the midPoint, we now support these GUI actions:

Overall Administration Actions

Action Allowed access to page Note

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#all

All GUI pages

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#home

Administration dashboard (including the actions)

covers also #dashboard and #myPasswords

All administration pages for users (including the actions)

All administration pages for resources (including the actions)

All administration pages for roles (including the actions)

All administration configuration pages (including the actions)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#allWorkItems

All administration pages for work items (including the actions)

Since 4.0to 3.9

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#reportsAll

All administration pages for reports (including the actions)

All administration pages for tasks (including the actions)

All administration pages for org. structure (including the actions)

All pages for access certification (including actions)

Since 3.4

All pages for archetypes

Since 4.0

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssign

Assign menu item authorization on the Assignment tab

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassign

Unassign menu item authorization on the Assignment tab

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassignAllMembers

Unassign all members menu item authorization on the Assignment tab

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#previewChanges

Authorization required to access preview changes page. The authorization is also check while deciding if previewButton should be shown.

Since 4.1

homeActionsAdministration Dashboard Actions

Action Allowed access to page Note

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#dashboard

Administration dashboard

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#myPasswords

My passwords

Page removed in 3.3, see self-service credentials page instead

roleActionsRole actions

orgStructureActionsOrg. structure actions

Action Allowed access to page Note

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgStruct

Org. tree main menu

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTree

Org. tree hierarchy

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnit

Org. unit details (including editing) and New org. link (based on #read, #modify, #add and #delete model authorizations)

orgActions Organization actions

Action Allowed access to page Note

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgAll

TODO: #orgTree + #orgStruct?

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTree

Org tree hierarchy

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnit

Org. unit details (including editing) and New org. link (based on #read, #modify, #add and #delete model authorizations)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssignOrgMember

Authorization for Assign menu item on the org Managers and Members panels (e.g. Assign Managers, Assign Members)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassignOrgMember

Authorization for Unassign menu item on the org Managers and Members panels (e.g. Unassign selected members)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAddOrgMember

Authorization for Create menu item on the org Managers and Members panels (e.g. Create manager, Create member)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminDeleteOrgMember

Authorization for Delete menu item on the org Managers and Members panels (e.g. Delete all managers, Delete member, Delete all (focus) members)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminRecomputeOrgMember

Authorization for Recompute menu item on the org Managers and Members panels (e.g. Recompute all managers, Recompute selected members, Recompute direct members, Recompute all members)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminOrgMove

Authorization for Move organization menu item

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminOrgMakeRoot

Authorization for Make root organization menu item

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgAll

TODO: #orgTree + #orgStruct?

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTree

Org tree hierarchy

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnit

Org. unit details (including editing) and New org. link (based on #read, #modify, #add and #delete model authorizations)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssignOrgMember

Authorization for Assign menu item on the org Managers and Members panels (e.g. Assign Managers, Assign Members)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassignOrgMember

Authorization for Unassign menu item on the org Managers and Members panels (e.g. Unassign selected members)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAddOrgMember

Authorization for Create menu item on the org Managers and Members panels (e.g. Create manager, Create member)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminDeleteOrgMember

Authorization for Delete menu item on the org Managers and Members panels (e.g. Delete all managers, Delete member, Delete all (focus) members)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminRecomputeOrgMember

Authorization for Recompute menu item on the org Managers and Members panels (e.g. Recompute all managers, Recompute selected members, Recompute direct members, Recompute all members)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminOrgMove

Authorization for Move organization menu item

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminOrgMakeRoot

Authorization for Make root organization menu item

orgStructureActionsOrg. structure actions

archetypeActionsArchetype actions

certificationActionsAccess certification actions

Please see Access Certification Security for detailed list.

Focal object tabs authorizations

Display of object detail tabs is not controlled by authorizations. Admin GUI Configuration is used to control this behavior.