Web Service (SOAP) Authorizations
ID | Action | Allowed access to page |
---|---|---|
1 | http://midpoint.evolveum.com/xml/ns/public/security/authorization-ws-3#all | All operations |
2 | http://midpoint.evolveum.com/xml/ns/public/security/authorization-ws-3#getObject | getObject operation |
3 | http://midpoint.evolveum.com/xml/ns/public/security/authorization-ws-3#searchObjects | searchObjects operation |
4 | http://midpoint.evolveum.com/xml/ns/public/security/authorization-ws-3#executeChanges | executeChanges operation |
5 | http://midpoint.evolveum.com/xml/ns/public/security/authorization-ws-3#findShadowOwner | findShadowOwner operation |
6 | http://midpoint.evolveum.com/xml/ns/public/security/authorization-ws-3#testResource | testResource operation |
7 | http://midpoint.evolveum.com/xml/ns/public/security/authorization-ws-3#importFromResource | importFromResource operation |
8 | http://midpoint.evolveum.com/xml/ns/public/security/authorization-ws-3#notifyChange | notifyChange operation |
9 | http://midpoint.evolveum.com/xml/ns/public/security/authorization-ws-3#executeScripts | executeScripts operation |
REST Service Authorizations
ID | Action | Allowed access to page |
---|---|---|
1 | http://midpoint.evolveum.com/xml/ns/public/security/authorization-rest-3#all | All operations |
Service Authorizations and Object Authorizations
WS or REST authorizations are necessary, but not sufficient condition to allow access to data in midPoint. These authorizations are just the "first line" of defense. The user needs to have these authorizations to invoke the service operation. But this authorization does not give access to any data. For practical use-cases the user must also have ordinary (object) authorizations such as read, add, modify or delete to access any midPoint data. Without these authorizations the WS/REST authorizations are almost useless.