In the midPoint, we now support these GUI actions:
Overall Administration Actions
Self-service Actions
Action | Allowed access to page | Note |
---|---|---|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll | All self-service pages | Since 3.3 |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfDashboard | Self-service Home | Since 3.3 |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfProfile | Self-service profile | Since 3.3 |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfCredentials | Self-service credentials | Since 3.3 |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfRequestRole | Self-service request a role | 3.4-3.5.x, not supported in 3.6+ |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfRequestAssignment | Self-service request a role | appeared in 3.6 |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfRequestAssignments | Self-service request a role | Since 3.6 |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#postAuthentication | Post-authentication | Since 3.8.1 |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#assignmentDetails | Self-service assignment details |
Administration Dashboard Actions
Action | Allowed access to page | Note |
---|---|---|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#dashboard | Administration dashboard | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#myPasswords | My passwords | Page removed in 3.3, see self-service credentials page instead |
User actions
Action | Allowed access to page | Note |
---|---|---|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#users | List users | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#user | Create user | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#userDetails | Edit user | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#findUsers | Find users | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#usersView | Showing menu items for views that are configured for users. |
Resource actions
Action | Allowed access to page | Note |
---|---|---|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resources | List resources | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resource | Create resource (xml editor) | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourceDetails | Details of resource | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourceEdit | Edit resource | Resource Wizard |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourcesAccount | Listing accounts on resource | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourceWizard | Resource wizard |
Role actions
Org. structure actions
Action | Allowed access to page | Note |
---|---|---|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgStruct | Org. tree main menu | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTree | Org. tree hierarchy | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnit | Org. unit details (including editing) and New org. link (based on #read, #modify, #add and #delete model authorizations) |
Organization actions
Action | Allowed access to page | Note |
---|---|---|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgAll | TODO: #orgTree + #orgStruct? | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTree | Org tree hierarchy | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnit | Org. unit details (including editing) and New org. link (based on #read, #modify, #add and #delete model authorizations) | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssignOrgMember | Authorization for Assign menu item on the org Managers and Members panels (e.g. Assign Managers, Assign Members) | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassignOrgMember | Authorization for Unassign menu item on the org Managers and Members panels (e.g. Unassign selected members) | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAddOrgMember | Authorization for Create menu item on the org Managers and Members panels (e.g. Create manager, Create member) | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminDeleteOrgMember | Authorization for Delete menu item on the org Managers and Members panels (e.g. Delete all managers, Delete member, Delete all (focus) members) | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminRecomputeOrgMember | Authorization for Recompute menu item on the org Managers and Members panels (e.g. Recompute all managers, Recompute selected members, Recompute direct members, Recompute all members) | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminOrgMove | Authorization for Move organization menu item | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminOrgMakeRoot | Authorization for Make root organization menu item |
Configuration actions
Action | Allowed access to page | Note |
---|---|---|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#debugs | Repository objects | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#debug | Edit repository object | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#configImport | Import object | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#configLogging | Logging settings | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#configSystemConfiguration | System configuration | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#configAbout | About system, self tests for repository and provisioning | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#configSyncAccounts | Accounts synchronization information |
Work items actions
Report actions
Action | Allowed access to page | Note |
---|---|---|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#reports | List reports | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#createdReports | Created reports | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#auditRead | Reading audit log data | since 3.5 |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#auditLogViewer | Audit log viewer page |
Task actions
Org. structure actions
Action | Allowed access to page | Note |
---|---|---|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgStruct | Org. tree menu | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTree | Org. tree hierarchy | |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnit | Org. unit details (including editing) and New org. link |
Archetype actions
Action | Allowed access to page | Note |
---|---|---|
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#archetypes | List archetypes | Since 4.0 |
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#archetype | Edit archetype | Since 4.0 |
Access certification actions
Please see Access Certification Security for detailed list.
Focal object tabs authorizations
Display of object detail tabs is not controlled by authorizations. Admin GUI Configuration is used to control this behavior.