GUI Authorizations

In the midPoint, we now support these GUI actions:

Overall Administration Actions

Action	Allowed access to page	Note
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#all	All GUI pages
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#home	Administration dashboard (including actions)	covers also #dashboard and #myPasswords
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#usersAll	All administration pages for users (including actions)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourcesAll	All administration pages for resources (including actions)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#rolesAll	All administration pages for roles (including actions)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#configurationAll	All administration configuration pages (including actions)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#workItemsAll http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#allWorkItems	All administration pages for work items (including actions)	Since 4.0 to 3.9
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#reportsAll	All administration pages for reports (including actions)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#tasksAll	All administration pages for tasks (including actions)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgAll	All administration pages for org. structure (including actions)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#certificationAll	All pages for access certification (including actions)	Since 3.4
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#archetypesAll	All pages for archetypes	Since 4.0
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssign	Assign menu item authorization on the Assignment tab
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassign	Unassign menu item authorization on the Assignment tab
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassignAllMembers	Unassign all members menu item authorization on the Assignment tab

Self-service Actions

Action	Allowed access to page	Note
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll	All self-service pages	Since 3.3
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfDashboard	Self-service Home	Since 3.3
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfProfile	Self-service profile	Since 3.3
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfCredentials	Self-service credentials	Since 3.3
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfRequestRole	Self-service request a role	3.4-3.5.x, not supported in 3.6+
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfRequestAssignment DEPRECATED	Self-service request a role	appeared in 3.6 deprecated since 4.0.1 use #selfRequestAssignments instead
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfRequestAssignments	Self-service request a role	Since 3.6
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#postAuthentication	Post-authentication	Since 3.8.1
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#assignmentDetails	Self-service assignment details

Administration Dashboard Actions

Action	Allowed access to page	Note
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#dashboard	Administration dashboard
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#myPasswords	My passwords	Page removed in 3.3, see self-service credentials page instead

User actions

Action	Allowed access to page	Note
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#users	List users
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#user	Create user
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#userDetails	Edit user
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#findUsers	Find users
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#usersView	Showing menu items for views that are configured for users.

Resource actions

Action	Allowed access to page	Note
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resources	List resources
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resource	Create resource (xml editor)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourceDetails	Details of resource
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourceEdit	Edit resource	Resource Wizard
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourcesAccount	Listing accounts on resource
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourceWizard	Resource wizard

Role actions

Action	Allowed access to page	Note
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#roles	List roles
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#role	Create role
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#roleDetails	Details of role (including editing)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssignMember	Assign/manage role members (role/service details, "Members" tab)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAddMember	Create new member (role/service details, "Members" tab)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassignMember	Unassign member (role/service details, "Members" tab)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminRecomputeMember	Recompute member (role/service details, "Members" tab)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssignGovernance	Assign member (role details, "Governance" tab)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassignGovernance	Unssign member (role details, "Governance" tab)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAddGovernance	Create new member (role details, "Governance" tab)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#rolesView	Showing menu items for views that are configured for roles.	Since 4.0.1

Org. structure actions

Action	Allowed access to page	Note
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgStruct	Org. tree main menu
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTree	Org. tree hierarchy
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnit	Org. unit details (including editing) and New org. link (based on #read, #modify, #add and #delete model authorizations)

Organization actions

Action	Allowed access to page	Note
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgAll	TODO: #orgTree + #orgStruct?
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTree	Org tree hierarchy
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnit	Org. unit details (including editing) and New org. link (based on #read, #modify, #add and #delete model authorizations)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssignOrgMember	Authorization for Assign menu item on the org Managers and Members panels (e.g. Assign Managers, Assign Members)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassignOrgMember	Authorization for Unassign menu item on the org Managers and Members panels (e.g. Unassign selected members)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAddOrgMember	Authorization for Create menu item on the org Managers and Members panels (e.g. Create manager, Create member)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminDeleteOrgMember	Authorization for Delete menu item on the org Managers and Members panels (e.g. Delete all managers, Delete member, Delete all (focus) members)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminRecomputeOrgMember	Authorization for Recompute menu item on the org Managers and Members panels (e.g. Recompute all managers, Recompute selected members, Recompute direct members, Recompute all members)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminOrgMove	Authorization for Move organization menu item
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminOrgMakeRoot	Authorization for Make root organization menu item

Configuration actions

Action	Allowed access to page	Note
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#debugs	Repository objects
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#debug	Edit repository object
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#configImport	Import object
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#configLogging	Logging settings
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#configSystemConfiguration	System configuration
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#configAbout	About system, self tests for repository and provisioning
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#configSyncAccounts	Accounts synchronization information

Work items actions

Action	Allowed access to page	Note
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#workItems	List work items
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#myWorkItems	My work items
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#workItem	Edit work item
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#attorneyWorkItems	Attorney items
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#claimableWorkItems	Items claimable by me
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#allRequests	All requests
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#myRequests	My requests
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#requestsAboutMe	Requests about me
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#workItemsProcessInstance	Process instance (Work items)

Report actions

Action	Allowed access to page	Note
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#reports	List reports
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#createdReports	Created reports
http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#auditRead	Reading audit log data	since 3.5
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#auditLogViewer	Audit log viewer page

Task actions

Action	Allowed access to page	Note
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#tasks	List tasks
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#taskAdd	Create task
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#taskDetails	Task details
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#task	Edit task

Org. structure actions

Action	Allowed access to page	Note
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgStruct	Org. tree menu
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTree	Org. tree hierarchy
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnit	Org. unit details (including editing) and New org. link

Archetype actions

Action	Allowed access to page	Note
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#archetypes	List archetypes	Since 4.0
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#archetype	Edit archetype	Since 4.0

Access certification actions

Please see Access Certification Security for detailed list.

Focal object tabs authorizations

Display of object detail tabs is not controlled by authorizations. Admin GUI Configuration is used to control this behavior.

Page tree

Overall Administration Actions

Self-service Actions

Administration Dashboard Actions

User actions

Resource actions

Role actions

Org. structure actions

Organization actions

Configuration actions

Work items actions

Report actions

Task actions

Org. structure actions

Archetype actions

Access certification actions

Focal object tabs authorizations

See also: