Bulk Actions Authorizations
Since 4.8This functionality is available since version 4.8.
Bulk actions are generally considered "safe", as their execution involves checking appropriate authorizations.
For example, if one executes
add action, the
#add authorization relevant to object(s) being added is required.
However, to add another layer of security - for example, to prevent denial of service attacks - the mere execution of a bulk action requires a special authorization.
Before midPoint 4.8, it was named
Unfortunately, the name was confusing.
(Because of their power, to run these scripts from bulk actions before 4.8, the
#all authorization was required.)
Since 4.8, the
#executeScript authorization is replaced by
Furthermore, it is now possible to allow or deny execution of individual actions using authorizations.
For example, if only
http://midpoint.evolveum.com/xml/ns/public/security/authorization-bulk-3#assign is granted, then only
assign bulk action can be invoked.
The primary names of actions should be used: e.g.,