In the midPoint, we now support these GUI actions:

Overall Administration Actions

ActionAllowed access to pageNote
 http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#allAll GUI pages
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#homeAdministration dashboard (including actions)covers also #dashboard and #myPasswords
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#usersAllAll administration pages for users (including actions)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourcesAllAll administration pages for resources (including actions)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#rolesAllAll administration pages for roles (including actions)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#configurationAllAll administration configuration pages (including actions)

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#workItemsAll

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#allWorkItems

All administration pages for work items (including actions)

Since 4.0

to 3.9

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#reportsAllAll administration pages for reports (including actions)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#tasksAllAll administration pages for tasks (including actions)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgAllAll administration pages for org. structure (including actions)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#certificationAllAll pages for access certification (including actions)Since 3.4
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#archetypesAllAll pages for archetypesSince 4.0
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssignAssign menu item authorization on the Assignment tab
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassignUnassign menu item authorization on the Assignment tab
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassignAllMembersUnassign all members menu item authorization on the Assignment tab

Self-service Actions

ActionAllowed access to pageNote
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAllAll self-service pagesSince 3.3
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfDashboardSelf-service HomeSince 3.3
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfProfileSelf-service profileSince 3.3
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfCredentialsSelf-service credentialsSince 3.3
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfRequestRoleSelf-service request a role3.4-3.5.x, not supported in 3.6+

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfRequestAssignment
DEPRECATED

Self-service request a role

appeared in 3.6
deprecated since 4.0.1
use #selfRequestAssignments instead

http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfRequestAssignmentsSelf-service request a roleSince 3.6
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#postAuthenticationPost-authenticationSince 3.8.1
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#assignmentDetailsSelf-service assignment details

Administration Dashboard Actions

ActionAllowed access to pageNote
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#dashboardAdministration dashboard
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#myPasswordsMy passwordsPage removed in 3.3, see self-service credentials page instead

User actions

ActionAllowed access to pageNote
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#usersList users
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#userCreate user
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#userDetailsEdit user
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#findUsersFind users
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#usersViewShowing menu items for views that are configured for users.

Resource actions

ActionAllowed access to pageNote
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourcesList resources
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourceCreate resource (xml editor)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourceDetailsDetails of resource
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourceEditEdit resourceResource Wizard
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourcesAccountListing accounts on resource
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourceWizardResource wizard

Role actions

ActionAllowed access to pageNote
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#rolesList roles
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#roleCreate role
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#roleDetailsDetails of role (including editing)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssignMemberAssign/manage role members (role/service details, "Members" tab)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAddMemberCreate new member (role/service details, "Members" tab)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassignMemberUnassign member (role/service details, "Members" tab)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminRecomputeMemberRecompute member (role/service details, "Members" tab)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssignGovernanceAssign member (role details, "Governance" tab)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassignGovernanceUnssign member (role details, "Governance" tab)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAddGovernanceCreate new member (role details, "Governance" tab)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#rolesViewShowing menu items for views that are configured for roles.Since 4.0.1

Org. structure actions

ActionAllowed access to pageNote
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgStructOrg. tree main menu
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTreeOrg. tree hierarchy
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnitOrg. unit details (including editing) and New org. link (based on #read, #modify, #add and #delete model authorizations)

 Organization actions

Action
Allowed access to page
Note
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgAllTODO: #orgTree + #orgStruct?
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTreeOrg tree hierarchy
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnitOrg. unit details (including editing) and New org. link (based on #read, #modify, #add and #delete model authorizations)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssignOrgMemberAuthorization for Assign menu item on the org Managers and Members panels (e.g. Assign Managers, Assign Members)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassignOrgMemberAuthorization for Unassign menu item on the org Managers and Members panels (e.g. Unassign selected members)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAddOrgMemberAuthorization for Create menu item on the org Managers and Members panels (e.g. Create manager, Create member)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminDeleteOrgMemberAuthorization for Delete menu item on the org Managers and Members panels (e.g. Delete all managers, Delete member, Delete all (focus) members)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminRecomputeOrgMemberAuthorization for Recompute menu item on the org Managers and Members panels (e.g. Recompute all managers, Recompute selected members, Recompute direct members, Recompute all members)
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminOrgMove Authorization for Move organization menu item
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminOrgMakeRoot  Authorization for Make root organization menu item

Configuration actions

ActionAllowed access to pageNote
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#debugsRepository objects
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#debugEdit repository object
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#configImportImport object
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#configLoggingLogging settings
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#configSystemConfigurationSystem configuration
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#configAboutAbout system, self tests for repository and provisioning
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#configSyncAccountsAccounts synchronization information

Work items actions

ActionAllowed access to pageNote
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#workItemsList work items
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#myWorkItemsMy work items
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#workItemEdit work item
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#attorneyWorkItemsAttorney items
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#claimableWorkItemsItems claimable by me
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#allRequestsAll requests
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#myRequestsMy requests
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#requestsAboutMeRequests about me
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#workItemsProcessInstanceProcess instance (Work items)

Report actions

ActionAllowed access to pageNote
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#reportsList reports
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#createdReportsCreated reports

http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#auditRead

Reading audit log datasince 3.5
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#auditLogViewerAudit log viewer page

Task actions

ActionAllowed access to pageNote
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#tasksList tasks
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#taskAdd

Create task


http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#taskDetailsTask details
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#taskEdit task

Org. structure actions

ActionAllowed access to pageNote
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgStructOrg. tree menu
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTreeOrg. tree hierarchy
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnitOrg. unit details (including editing) and New org. link

Archetype actions

ActionAllowed access to pageNote
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#archetypesList archetypesSince 4.0
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#archetypeEdit archetypeSince 4.0

Access certification actions

Please see Access Certification Security for detailed list.

Focal object tabs authorizations

Display of object detail tabs is not controlled by authorizations. Admin GUI Configuration is used to control this behavior.

See also: