Class AuthorizationConstants
java.lang.Object
com.evolveum.midpoint.security.api.AuthorizationConstants
- Author:
- semancik
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final Stringstatic final QNamestatic final Stringstatic final Stringstatic final Stringstatic final QNamestatic final Stringstatic final Stringstatic final QNameAuthorization to access all REST operations (web resources).static final Stringstatic final QNameAuthorization for a proxy user.static final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final Stringstatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final Stringstatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final Stringstatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final QNamestatic final Stringstatic final Stringstatic final QNamestatic final Stringstatic final Stringstatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final QNamestatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final QNamestatic final Stringstatic final PathSetThose are the items that midPoint logic controls directly.static final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final PathSetItems that are not considered for authorization in case that the entire container is deleted. -
Constructor Summary
Constructors -
Method Summary
-
Field Details
-
NS_SECURITY_PREFIX
- See Also:
-
NS_AUTHORIZATION
- See Also:
-
NS_AUTHORIZATION_UI
- See Also:
-
NS_AUTHORIZATION_WS
- See Also:
-
NS_AUTHORIZATION_REST
- See Also:
-
NS_AUTHORIZATION_BULK
- See Also:
-
NS_AUTHORIZATION_MODEL
- See Also:
-
NS_AUTHORIZATION_ACTUATOR
- See Also:
-
AUTZ_ALL_QNAME
-
AUTZ_ALL_URL
-
AUTZ_REST_ALL_QNAME
Authorization to access all REST operations (web resources). This does NOT grant proxy authorization. It just gives access to all the REST API operations. It does not automatically allow access to the data. Additional data-level authorizations must be in place for most REST operations to be executed. -
AUTZ_REST_ALL_URL
-
AUTZ_BULK_ALL_QNAME
-
AUTZ_BULK_ALL_URL
-
AUTZ_REST_PROXY_QNAME
Authorization for a proxy user. The proxy user may impersonate other users. Special HTTP header may be used to switch the identity without additional authentication. -
AUTZ_REST_PROXY_URL
-
AUTZ_WS_ALL_QNAME
-
AUTZ_WS_ALL_URL
-
AUTZ_NO_ACCESS_URL
- See Also:
-
AUTZ_DENY_ALL_QNAME
-
AUTZ_DENY_ALL_URL
-
AUTZ_DENY_ALL
- See Also:
-
AUTZ_GUI_ALL_QNAME
-
AUTZ_GUI_ALL_URL
-
AUTZ_GUI_ALL_LABEL
- See Also:
-
AUTZ_GUI_ALL_DESCRIPTION
- See Also:
-
AUTZ_UI_SIMULATIONS_ALL_QNAME
-
AUTZ_UI_SIMULATIONS_ALL_URL
- See Also:
-
AUTZ_UI_SIMULATION_RESULTS_QNAME
-
AUTZ_UI_SIMULATION_RESULTS_URL
- See Also:
-
AUTZ_UI_SIMULATION_RESULT_QNAME
-
AUTZ_UI_SIMULATION_RESULT_URL
- See Also:
-
AUTZ_UI_SIMULATION_PROCESSED_OBJECTS_QNAME
-
AUTZ_UI_SIMULATION_PROCESSED_OBJECTS_URL
- See Also:
-
AUTZ_UI_SIMULATION_PROCESSED_OBJECT_QNAME
-
AUTZ_UI_SIMULATION_PROCESSED_OBJECT_URL
- See Also:
-
AUTZ_UI_MARKS_ALL_QNAME
-
AUTZ_UI_MARKS_ALL_URL
- See Also:
-
AUTZ_UI_MARKS_QNAME
-
AUTZ_UI_MARKS_URL
- See Also:
-
AUTZ_UI_MARK_QNAME
-
AUTZ_UI_MARK_URL
- See Also:
-
AUTZ_UI_USERS_ALL_QNAME
-
AUTZ_UI_USERS_ALL_URL
- See Also:
-
AUTZ_UI_USERS_QNAME
-
AUTZ_UI_USERS_URL
- See Also:
-
AUTZ_UI_ROLE_ANALYSIS_ALL_QNAME
-
AUTZ_UI_ROLE_ANALYSIS_ALL_URL
- See Also:
-
AUTZ_UI_ROLE_ANALYSIS_CLUSTER_QNAME
-
AUTZ_UI_ROLE_ANALYSIS_CLUSTER_URL
- See Also:
-
AUTZ_UI_ROLE_ANALYSIS_SESSION_QNAME
-
AUTZ_UI_ROLE_ANALYSIS_SESSION_URL
- See Also:
-
AUTZ_UI_USERS_VIEW_QNAME
-
AUTZ_UI_USERS_VIEW_URL
- See Also:
-
AUTZ_UI_FIND_USERS_QNAME
-
AUTZ_UI_FIND_USERS_URL
- See Also:
-
AUTZ_UI_USER_QNAME
-
AUTZ_UI_USER_URL
- See Also:
-
AUTZ_UI_USER_HISTORY_QNAME
-
AUTZ_UI_USER_HISTORY_URL
- See Also:
-
AUTZ_UI_ORG_UNIT_HISTORY_QNAME
-
AUTZ_UI_ORG_UNIT_HISTORY_URL
- See Also:
-
AUTZ_UI_ROLE_HISTORY_QNAME
-
AUTZ_UI_ROLE_HISTORY_URL
- See Also:
-
AUTZ_UI_SERVICE_HISTORY_QNAME
-
AUTZ_UI_SERVICE_HISTORY_URL
- See Also:
-
AUTZ_UI_USER_HISTORY_XML_REVIEW_QNAME
-
AUTZ_UI_USER_HISTORY_XML_REVIEW_URL
- See Also:
-
AUTZ_UI_USER_DETAILS_QNAME
-
AUTZ_UI_USER_DETAILS_URL
- See Also:
-
AUTZ_UI_MERGE_OBJECTS_QNAME
-
AUTZ_UI_MERGE_OBJECTS_URL
- See Also:
-
AUTZ_UI_SERVICES_ALL_QNAME
-
AUTZ_UI_SERVICES_ALL_URL
- See Also:
-
AUTZ_UI_SERVICES_QNAME
-
AUTZ_UI_SERVICES_URL
- See Also:
-
AUTZ_UI_SERVICE_QNAME
-
AUTZ_UI_SERVICE_URL
- See Also:
-
AUTZ_UI_SERVICE_DETAILS_QNAME
-
AUTZ_UI_SERVICE_DETAILS_URL
- See Also:
-
AUTZ_UI_ARCHETYPES_ALL_QNAME
-
AUTZ_UI_ARCHETYPES_ALL_URL
- See Also:
-
AUTZ_UI_MESSAGE_TEMPLATES_ALL_QNAME
-
AUTZ_UI_MESSAGE_TEMPLATES_ALL_URL
- See Also:
-
AUTZ_UI_ARCHETYPES_QNAME
-
AUTZ_UI_ARCHETYPES_URL
- See Also:
-
AUTZ_UI_MESSAGE_TEMPLATES_QNAME
-
AUTZ_UI_MESSAGE_TEMPLATES_URL
- See Also:
-
AUTZ_UI_ARCHETYPE_QNAME
-
AUTZ_UI_ARCHETYPE_URL
- See Also:
-
AUTZ_UI_MESSAGE_TEMPLATE_QNAME
-
AUTZ_UI_MESSAGE_TEMPLATE_URL
- See Also:
-
AUTZ_UI_OBJECT_COLLECTIONS_ALL_QNAME
-
AUTZ_UI_OBJECT_COLLECTIONS_ALL_URL
- See Also:
-
AUTZ_UI_OBJECT_COLLECTIONS_QNAME
-
AUTZ_UI_OBJECT_COLLECTIONS_URL
- See Also:
-
AUTZ_UI_OBJECT_COLLECTION_QNAME
-
AUTZ_UI_OBJECT_COLLECTION_URL
- See Also:
-
AUTZ_UI_OBJECT_TEMPLATES_ALL_QNAME
-
AUTZ_UI_OBJECT_TEMPLATES_ALL_URL
- See Also:
-
AUTZ_UI_OBJECT_TEMPLATES_QNAME
-
AUTZ_UI_OBJECT_TEMPLATES_URL
- See Also:
-
AUTZ_UI_OBJECT_TEMPLATE_QNAME
-
AUTZ_UI_OBJECT_TEMPLATE_URL
- See Also:
-
AUTZ_UI_VALUE_POLICIES_ALL_QNAME
-
AUTZ_UI_VALUE_POLICIES_ALL_URL
- See Also:
-
AUTZ_UI_VALUE_POLICIES_QNAME
-
AUTZ_UI_VALUE_POLICIES_URL
- See Also:
-
AUTZ_UI_VALUE_POLICY_QNAME
-
AUTZ_UI_VALUE_POLICY_URL
- See Also:
-
AUTZ_UI_RESOURCES_ALL_QNAME
-
AUTZ_UI_RESOURCES_ALL_URL
- See Also:
-
AUTZ_UI_RESOURCES_QNAME
-
AUTZ_UI_RESOURCES_URL
- See Also:
-
AUTZ_UI_CONNECTOR_HOSTS_ALL_QNAME
-
AUTZ_UI_CONNECTOR_HOSTS_ALL_URL
- See Also:
-
AUTZ_UI_RESOURCE_QNAME
-
AUTZ_UI_RESOURCE_URL
- See Also:
-
AUTZ_UI_RESOURCE_DETAILS_QNAME
-
AUTZ_UI_RESOURCE_DETAILS_URL
- See Also:
-
AUTZ_UI_RESOURCE_EDIT_QNAME
-
AUTZ_UI_RESOURCE_EDIT_URL
- See Also:
-
AUTZ_UI_RESOURCES_ACCOUNT_QNAME
-
AUTZ_UI_RESOURCES_ACCOUNT_URL
- See Also:
-
AUTZ_UI_RESOURCES_CONTENT_ACCOUNTS_QNAME
-
AUTZ_UI_RESOURCES_CONTENT_ACCOUNTS_URL
- See Also:
-
AUTZ_UI_RESOURCES_CONTENT_ENTITLEMENTS_QNAME
-
AUTZ_UI_RESOURCES_CONTENT_ENTITLEMENTS_URL
- See Also:
-
AUTZ_UI_CONFIGURATION_ALL_QNAME
-
AUTZ_UI_CONFIGURATION_ALL_URL
- See Also:
-
AUTZ_UI_CONFIGURATION_ABOUT_QNAME
-
AUTZ_UI_CONFIGURATION_ABOUT_URL
- See Also:
-
AUTZ_UI_CONFIGURATION_QNAME
-
AUTZ_UI_CONFIGURATION_URL
- See Also:
-
AUTZ_UI_CONFIGURATION_DEBUG_QNAME
-
AUTZ_UI_CONFIGURATION_DEBUG_URL
- See Also:
-
AUTZ_UI_CONFIGURATION_DEBUGS_QNAME
-
AUTZ_UI_CONFIGURATION_DEBUGS_URL
- See Also:
-
AUTZ_UI_CONFIGURATION_IMPORT_QNAME
-
AUTZ_UI_CONFIGURATION_IMPORT_URL
- See Also:
-
AUTZ_UI_CONFIGURATION_LOGGING_QNAME
-
AUTZ_UI_CONFIGURATION_LOGGING_URL
- See Also:
-
AUTZ_UI_CONFIGURATION_SYSTEM_CONFIG_QNAME
-
AUTZ_UI_CONFIGURATION_SYSTEM_CONFIG_URL
- See Also:
-
AUTZ_UI_CONFIGURATION_INTERNALS_QNAME
-
AUTZ_UI_CONFIGURATION_INTERNALS_URL
- See Also:
-
AUTZ_UI_CONFIGURATION_REPOSITORY_QUERY
-
AUTZ_UI_CONFIGURATION_REPOSITORY_QUERY_URL
- See Also:
-
AUTZ_UI_CONFIGURATION_EVALUATE_MAPPING
-
AUTZ_UI_CONFIGURATION_EVALUATE_MAPPING_URL
- See Also:
-
AUTZ_UI_CONFIGURATION_AUTHORIZATION_PLAYGROUND_URL
- See Also:
-
AUTZ_UI_TRACE_VIEW
-
AUTZ_UI_TRACE_VIEW_URL
- See Also:
-
AUTZ_UI_ROLES_ALL_QNAME
-
AUTZ_UI_ROLES_ALL_URL
- See Also:
-
AUTZ_UI_ROLES_QNAME
-
AUTZ_UI_ROLES_URL
- See Also:
-
AUTZ_UI_ROLE_QNAME
-
AUTZ_UI_ROLE_URL
- See Also:
-
AUTZ_UI_ROLE_DETAILS_QNAME
-
AUTZ_UI_ROLE_DETAILS_URL
- See Also:
-
AUTZ_UI_ORG_STRUCT_QNAME
-
AUTZ_UI_ORG_STRUCT_URL
- See Also:
-
AUTZ_UI_ORG_ALL_QNAME
-
AUTZ_UI_ORG_ALL_URL
- See Also:
-
AUTZ_UI_ORGS_QNAME
-
AUTZ_UI_ORGS_URL
- See Also:
-
AUTZ_UI_ORG_TREE_QNAME
-
AUTZ_UI_ORG_TREE_URL
- See Also:
-
AUTZ_UI_ORG_UNIT_QNAME
-
AUTZ_UI_ORG_UNIT_URL
- See Also:
-
AUTZ_UI_ORG_DETAILS_QNAME
-
AUTZ_UI_ORG_DETAILS_URL
- See Also:
-
AUTZ_UI_APPROVALS_ALL_URL
- See Also:
-
AUTZ_UI_MY_WORK_ITEMS_URL
- See Also:
-
AUTZ_UI_ATTORNEY_WORK_ITEMS_URL
- See Also:
-
AUTZ_UI_CLAIMABLE_WORK_ITEMS_URL
- See Also:
-
AUTZ_UI_ALL_WORK_ITEMS_URL
- See Also:
-
AUTZ_UI_WORK_ITEM_URL
- See Also:
-
AUTZ_UI_WORK_ITEMS_ALL_REQUESTS_URL
- See Also:
-
AUTZ_UI_MY_REQUESTS_URL
- See Also:
-
AUTZ_UI_REQUESTS_ABOUT_ME_URL
- See Also:
-
AUTZ_UI_TASKS_ALL_QNAME
-
AUTZ_UI_TASKS_ALL_URL
- See Also:
-
AUTZ_UI_TASKS_QNAME
-
AUTZ_UI_TASKS_URL
- See Also:
-
AUTZ_UI_TASK_QNAME
-
AUTZ_UI_TASK_URL
- See Also:
-
AUTZ_UI_TASK_DETAIL_QNAME
-
AUTZ_UI_TASK_DETAIL_URL
- See Also:
-
AUTZ_UI_TASK_ADD_QNAME
-
AUTZ_UI_TASK_ADD_URL
- See Also:
-
AUTZ_UI_NODES_QNAME
-
AUTZ_UI_NODES_URL
- See Also:
-
AUTZ_UI_REPORTS_QNAME
-
AUTZ_UI_REPORTS_URL
- See Also:
-
AUTZ_UI_REPORT_QNAME
-
AUTZ_UI_REPORT_URL
- See Also:
-
AUTZ_UI_REPORTS_ALL_QNAME
-
AUTZ_UI_REPORTS_ALL_URL
- See Also:
-
AUTZ_UI_REPORTS_CREATED_REPORTS_QNAME
-
AUTZ_UI_REPORTS_CREATED_REPORTS_URL
- See Also:
-
AUTZ_UI_AUDIT_LOG_VIEWER_QNAME
-
AUTZ_UI_AUDIT_LOG_VIEWER_URL
- See Also:
-
AUTZ_UI_AUDIT_LOG_DETAILS_QNAME
-
AUTZ_UI_AUDIT_LOG_DETAILS_URL
- See Also:
-
AUTZ_UI_REPORTS_REPORT_CREATE_QNAME
-
AUTZ_UI_REPORTS_REPORT_CREATE_URL
- See Also:
-
AUTZ_UI_CASES_ALL_QNAME
-
AUTZ_UI_CASES_ALL_URL
- See Also:
-
AUTZ_UI_CASES_QNAME
-
AUTZ_UI_CASES_URL
- See Also:
-
AUTZ_UI_CASE_QNAME
-
AUTZ_UI_CASE_URL
- See Also:
-
AUTZ_UI_CASE_DETAILS_QNAME
-
AUTZ_UI_CASE_DETAILS_URL
- See Also:
-
AUTZ_UI_WORK_ITEMS_ALL_URL
- See Also:
-
AUTZ_UI_CERTIFICATION_DEFINITIONS_URL
- See Also:
-
AUTZ_UI_CERTIFICATION_DEFINITION_URL
- See Also:
-
AUTZ_UI_CERTIFICATION_NEW_DEFINITION_URL
- See Also:
-
AUTZ_UI_CERTIFICATION_CAMPAIGNS_URL
- See Also:
-
AUTZ_UI_CERTIFICATION_CAMPAIGN_URL
- See Also:
-
AUTZ_UI_CERTIFICATION_DECISIONS_URL
- See Also:
-
AUTZ_UI_MY_CERTIFICATION_DECISIONS_URL
- See Also:
-
AUTZ_UI_CERTIFICATION_ALL_QNAME
-
AUTZ_UI_CERTIFICATION_ALL_URL
- See Also:
-
AUTZ_UI_HOME_ALL_QNAME
-
AUTZ_UI_HOME_ALL_URL
- See Also:
-
AUTZ_UI_DASHBOARD_QNAME
-
AUTZ_UI_DASHBOARD_URL
- See Also:
-
AUTZ_UI_MY_PASSWORDS_QNAME
-
AUTZ_UI_MY_PASSWORDS_URL
- See Also:
-
AUTZ_UI_MY_QUESTIONS_QNAME
-
AUTZ_UI_MY_QUESTIONS_URL
- See Also:
-
AUTZ_UI_BULK_ACTION_QNAME
-
AUTZ_UI_BULK_ACTION_URL
- See Also:
-
AUTZ_UI_CONTACTS_QNAME
-
AUTZ_UI_CONTACTS_URL
- See Also:
-
AUTZ_UI_SELF_ALL_QNAME
-
AUTZ_UI_SELF_ALL_URL
- See Also:
-
AUTZ_UI_SELF_ASSIGNMENTS_QNAME
-
AUTZ_UI_SELF_ASSIGNMENTS_URL
- See Also:
-
AUTZ_UI_SELF_ASSIGNMENTS_CONFLICTS_QNAME
-
AUTZ_UI_SELF_ASSIGNMENTS_CONFLICTS_URL
- See Also:
-
AUTZ_UI_SELF_REQUESTS_ASSIGNMENTS_QNAME
-
AUTZ_UI_SELF_REQUESTS_ASSIGNMENTS_URL
- See Also:
-
AUTZ_UI_SELF_CREDENTIALS_QNAME
-
AUTZ_UI_SELF_CREDENTIALS_URL
- See Also:
-
AUTZ_UI_RESET_PASSWORD_URL
- See Also:
-
AUTZ_UI_IDENTITY_RECOVERY_URL
- See Also:
-
AUTZ_UI_SELF_CONSENTS_QNAME
-
AUTZ_UI_SELF_CONSENTS_URL
- See Also:
-
AUTZ_UI_SELF_PROFILE_QNAME
-
AUTZ_UI_SELF_PROFILE_URL
- See Also:
-
AUTZ_UI_SELF_ASSIGNMENT_DETAILS_QNAME
-
AUTZ_UI_SELF_ASSIGNMENT_DETAILS_URL
- See Also:
-
AUTZ_UI_SELF_DASHBOARD_QNAME
-
AUTZ_UI_SELF_DASHBOARD_URL
- See Also:
-
AUTZ_UI_SELF_POST_AUTHENTICATION_QNAME
-
AUTZ_UI_SELF_POST_AUTHENTICATION_URL
- See Also:
-
AUTZ_UI_SELF_REGISTRATION_FINISH_QNAME
-
AUTZ_UI_SELF_REGISTRATION_FINISH_URL
- See Also:
-
AUTZ_UI_INVITATION_URL
- See Also:
-
AUTZ_UI_PREVIEW_CHANGES_QNAME
-
AUTZ_UI_PREVIEW_CHANGES_URL
- See Also:
-
ANONYMOUS_USER_PRINCIPAL
- See Also:
-
AUTZ_UI_DELEGATE_ACTION_QNAME
-
AUTZ_UI_DELEGATE_ACTION_URL
-
AUTZ_UI_ADMIN_ASSIGN_ACTION_QNAME
-
AUTZ_UI_ADMIN_ASSIGN_ACTION_URI
-
AUTZ_UI_ADMIN_UNASSIGN_ACTION_QNAME
-
AUTZ_UI_ADMIN_UNASSIGN_ACTION_URI
-
AUTZ_UI_ADMIN_ASSIGN_MEMBER_ACTION_QNAME
-
AUTZ_UI_ADMIN_ASSIGN_MEMBER_ACTION_URI
-
AUTZ_UI_ADMIN_ADD_MEMBER_ACTION_QNAME
-
AUTZ_UI_ADMIN_ADD_MEMBER_ACTION_URI
-
AUTZ_UI_ADMIN_UNASSIGN_MEMBER_ACTION_QNAME
-
AUTZ_UI_ADMIN_UNASSIGN_MEMBER_ACTION_URI
-
AUTZ_UI_ADMIN_UNASSIGN_ALL_MEMBERS_ACTION_QNAME
-
AUTZ_UI_ADMIN_UNASSIGN_ALL_MEMBERS_TAB_ACTION_URI
-
AUTZ_UI_ADMIN_RECOMPUTE_MEMBER_ACTION_QNAME
-
AUTZ_UI_ADMIN_RECOMPUTE_MEMBER_ACTION_URI
-
AUTZ_UI_ADMIN_DELETE_MEMBER_ACTION_QNAME
-
AUTZ_UI_ADMIN_DELETE_MEMBER_ACTION_URI
-
AUTZ_UI_ADMIN_ASSIGN_GOVERNANCE_ACTION_QNAME
-
AUTZ_UI_ADMIN_ASSIGN_GOVERNANCE_ACTION_URI
-
AUTZ_UI_ADMIN_UNASSIGN_GOVERNANCE_ACTION_QNAME
-
AUTZ_UI_ADMIN_UNASSIGN_GOVERNANCE_ACTION_URI
-
AUTZ_UI_ADMIN_RECOMPUTE_GOVERNANCE_ACTION_QNAME
-
AUTZ_UI_ADMIN_RECOMPUTE_GOVERNANCE_ACTION_URI
-
AUTZ_UI_ADMIN_DELETE_GOVERNANCE_ACTION_QNAME
-
AUTZ_UI_ADMIN_DELETE_GOVERNANCE_ACTION_URI
-
AUTZ_UI_ADMIN_ADD_GOVERNANCE_ACTION_QNAME
-
AUTZ_UI_ADMIN_ADD_GOVERNANCE_ACTION_URI
-
AUTZ_UI_ADMIN_ASSIGN_ORG_MEMBER_ACTION_QNAME
-
AUTZ_UI_ADMIN_ASSIGN_ORG_MEMBER_ACTION_URI
-
AUTZ_UI_ADMIN_UNASSIGN_ORG_MEMBER_ACTION_QNAME
-
AUTZ_UI_ADMIN_UNASSIGN_ORG_MEMBER_ACTION_URI
-
AUTZ_UI_ADMIN_DELETE_ORG_MEMBER_ACTION_QNAME
-
AUTZ_UI_ADMIN_DELETE_ORG_MEMBER_ACTION_URI
-
AUTZ_UI_ADMIN_ADD_ORG_MEMBER_ACTION_QNAME
-
AUTZ_UI_ADMIN_ADD_ORG_MEMBER_ACTION_URI
-
AUTZ_UI_ADMIN_RECOMPUTE_ORG_MEMBER_ACTION_QNAME
-
AUTZ_UI_ADMIN_RECOMPUTE_ORG_MEMBER_ACTION_URI
-
AUTZ_UI_ADMIN_ORG_MOVE_ACTION_QNAME
-
AUTZ_UI_ADMIN_ORG_MOVE_ACTION_URI
-
AUTZ_UI_ADMIN_ORG_MAKE_ROOT_ACTION_QNAME
-
AUTZ_UI_ADMIN_ORG_MAKE_ROOT_ACTION_URI
-
AUTZ_UI_ADMIN_ASSIGN_ARCHETYPE_MEMBER_ACTION_QNAME
-
AUTZ_UI_ADMIN_ASSIGN_ARCHETYPE_MEMBER_ACTION_URI
-
AUTZ_UI_ROLES_VIEW_QNAME
-
AUTZ_UI_ROLES_VIEW_URL
- See Also:
-
AUTZ_UI_SERVICES_VIEW_QNAME
-
AUTZ_UI_SERVICES_VIEW_URL
- See Also:
-
AUTZ_UI_ORGS_VIEW_QNAME
-
AUTZ_UI_ORGS_VIEW_URL
- See Also:
-
AUTZ_UI_ARCHETYPES_VIEW_QNAME
-
AUTZ_UI_ARCHETYPES_VIEW_URL
- See Also:
-
AUTZ_UI_MESSAGE_TEMPLATES_VIEW_QNAME
-
AUTZ_UI_MESSAGE_TEMPLATES_VIEW_URL
- See Also:
-
AUTZ_UI_CASES_VIEW_QNAME
-
AUTZ_UI_CASES_VIEW_URL
- See Also:
-
AUTZ_UI_RESOURCES_VIEW_QNAME
-
AUTZ_UI_RESOURCES_VIEW_URL
- See Also:
-
AUTZ_UI_TASKS_VIEW_QNAME
-
AUTZ_UI_TASKS_VIEW_URL
- See Also:
-
AUTZ_UI_REPORTS_VIEW_QNAME
-
AUTZ_UI_REPORTS_VIEW_URL
- See Also:
-
AUTZ_UI_ADMIN_CSV_EXPORT_ACTION_QNAME
-
AUTZ_UI_ADMIN_CSV_EXPORT_ACTION_URI
-
AUTZ_UI_ADMIN_CREATE_REPORT_BUTTON_QNAME
-
AUTZ_UI_ADMIN_CREATE_REPORT_BUTTON_URI
-
AUTZ_ACTUATOR_ALL_QNAME
-
AUTZ_ACTUATOR_ALL_URL
-
AUTZ_ACTUATOR_THREAD_DUMP_QNAME
-
AUTZ_ACTUATOR_THREAD_DUMP_URL
-
AUTZ_ACTUATOR_HEAP_DUMP_QNAME
-
AUTZ_ACTUATOR_HEAP_DUMP_URL
-
AUTZ_ACTUATOR_ENV_QNAME
-
AUTZ_ACTUATOR_ENV_URL
-
AUTZ_ACTUATOR_INFO_QNAME
-
AUTZ_ACTUATOR_INFO_URL
-
AUTZ_ACTUATOR_METRICS_QNAME
-
AUTZ_ACTUATOR_METRICS_URL
-
EXECUTION_ITEMS_ALLOWED_BY_DEFAULT
Those are the items that midPoint logic controls directly. They have exception from execution-phase authorization enforcement. Their modification in execution phase is always allowed. If it was not allowed then midPoint won't be able to function properly and it may even lead to security issues. Note: this applies only to execution phase. Those items are still controlled by regular authorizations for request phase. Therefore these exceptions do NOT allow user to modify those items. Attempt to do so must pass through request-phase authorization first. This exception only allows midPoint logic to modify those properties without explicit authorizations. Motivation: Strictly speaking, there would be no need for these exceptions. The modification can be allowed by regular authorizations. However, that would mean, that every practical authorization must contain those items. That is error-prone, it is a maintenance burden and it is even an obstacle for evolvability. E.g. if similar properties are added in future midPoint versions (which is likely) then all existing authorizations much be updated. The cost of slightly increased perceived security is not justified by those operational issues. -
OPERATIONAL_ITEMS_ALLOWED_FOR_CONTAINER_DELETE
Items that are not considered for authorization in case that the entire container is deleted. MidPoint will ignore those items when deleting containers. Motivation: Those items are automatically created and maintained by midPoint. When a container is created then such items are added. Now the trouble is how to delete such container. The user would need to have authorization to modify those items as well to delete a container value. However, such authorizations would allow him to also modify such values at will. We do not want that. This is important for some use cases, e.g. delete of a role exclusion policy rule. We want user to add/delete exclusion policy rules, but we do not want the user to manipulate the meta data. (also similar evolvability reasoning as forEXECUTION_ITEMS_ALLOWED_BY_DEFAULT)
-
-
Constructor Details
-
AuthorizationConstants
public AuthorizationConstants()
-