How to configure and use product form projection is described in tutorial.
How to register new form projection type is described in devel guide.
Configuration
Available configuration properties
In the application profile (application.properties) and overloadable via ConfigurationService.
# show default form for newly created user
# default form can be disabled => at least one configured form projection is needed
idm.pub.app.show.identity.formProjection.default=true
#
# default password change type for custom users, one of values:
# DISABLED - password change is disable
# ALL_ONLY - users can change passwords only for all accounts
# CUSTOM - users can choose for which accounts change password
# Needed on FE (=> public)
idm.pub.core.identity.passwordChange=CUSTOM
Authorization policies
Administrator
Aministrator for create, edit and delete configured form projection.
Permission to autocomplete and read form definitions: Forms - definitions (IdmFormDefiniton) | View in select box (autocomplete), Read | BasePermissionEvaluator
Permission to autocomplete and read form attributes: Forms - attributes (IdmFormAttribute) | - | FormAttributteByDefinitionEvaluator
Permission to admin form projections: Forms - projections (IdmFormProjection) | Administration (all) | BasePermissionEvaluator
Manager
Manager for create and edit user with form projection usage with all features enabled.
User detail with form projection usage can be saved (save button is shown), when logged user can update selected user.
Permission to work with identities: Users (IdmIdentity) | View in select box (autocomplete), Create, Read, Update, Change roles, Change user type (projection), Password change | BasePermissionEvaluator
Permission to read contracts according to identity: Industrial relations (IdmIdentityContract) | - | IdentityContractByIdentityEvaluator
Permission to read other contract positions according to contract: Other contract positions (IdmContractPosition) | - | ContractPositionByIdentityContractEvaluator
Permission to read the assigned identity roles: Roles assigned to users (IdmIdentityRole)| - | IdentityRoleByIdentityEvaluator
Permission to request roles (which can be requested): Role (IdmRole) | Can be requested | RoleCanBeRequestedEvaluator
Permission to read role requests according to identity: Requests for assigned roles (IdmRoleRequest) | - | RoleRequestByIdentityEvaluator
Permission to autocomplete form projections: Forms - projections(IdmFormProjection) | View in select box (autocomplete) | BasePermissionEvaluator
Permission to autocomplete form definitions: Forms - projections(IdmFormProjection) | View in select box (autocomplete) | BasePermissionEvaluator
Permission to read and update all identity attributes in main definition: Forms - values (IdmIdentityFormValue) | View in select box (autocomplete) | IdentityFormValueEvaluator
Permission to read and update all contract attributes in main definition: Forms - values (IdmIdentityContractFormValue) | View in select box (autocomplete) | IdentityContractFormValueEvaluator
Enabling the autocomplete for entities:
Role (IdmRole) | Displaying in autocomplete, selections | BasePermissionEvaluator
Structure types (IdmTreeType) | View in select box (autocomplete) | BasePermissionEvaluator
Tree nodes (IdmTreeNode) | View in select box (autocomplete) | BasePermissionEvaluator
Accounts (AccAccount) | - | ReadAccountByIdentityEvaluator (← use this only when using acc module)
Identity accounts (AccIdentityAccount) | - | IdentityAccountByAccountEvaluator (← use this only when using acc module)
Manager - create and edit identity only
Manager for create and edit user with form projection usage only (simplest setting).
Permission to work with identities: Users (IdmIdentity) | Create, Read, Update | BasePermissionEvaluator
Permission to autocomplete form projections: Forms - projections(IdmFormDefiniton) | View in select box (autocomplete) | BasePermissionEvaluator
Normal user
Other user doesn't need any additional autorization policy configuration. Form projection is saved together with user and when user detail is shown, then this projection is used.
Localization
Two projections are localized by default in product. If projection with code identity-externe
or identity-internal
will be configured, then localization will be used.
Localization can be added or changed by developer, read more in devel guide
Tips
Skip user dashboard
If we want to show user detail immediatelly (skip user dasboard or skip info card), we can hold ctrl
key when clicking on user link (or info card).
Admin tutorials
Devel guide