Prp: permissions

Just like all the other parts of CzechIdM, what you can do within the property module is governed by permissions.

Default roles

The module comes with several preconfigured roles with permissions which you can easily use.

userRole

This is the role that every user implicitly has. By default, the user has permission to READ, COUNT, and AUTOCOMPLETE on the property assigned to them. They also have permission to AUTOCOMPLETE on sets.

Property set guarantor (setGuarantorRole)

This role is intended to be assigned to set guarantors. It allows them to manage the sets for which they are the guarantors and to make changes in every agenda. This means that they have permissions to CREATE, UPDATE or DELETE the property in their sets.

Property set manager (setManagerRole)

Think of this role as the set superAdmin. It is similar to the setGuarantorRole, but the user with this role has the permissions for all sets.

Evaluators

prp-property-by-identity-evaluator

This evaluator is used to ensure that users have the permissions for property which is assigned to users for whom they have permissions. Typically, this means that a user can see the property assigned to their subordinates.

prp-property-by-set-evaluator

This evaluator is used to ensure that users have the permissions for property which is a part of a set for which they have permissions.

prp-self-property-evaluator

This evaluator is used to ensure that users have the permissions for property which is assigned to them.

prp-set-by-guarantor-evaluator

This evaluator is used to ensure that users have the permissions for sets for which they are a guarantor.

prp-set-guarantor-by-set-evaluator

This evaluator is used to ensure that users have the permissions for set guarantor (by identity) for a set for which they have permissions.

prp-set-guarantor-role-by-set-evaluator

This evaluator is used to ensure that users have the permissions for set guarantor (by role) for a set for which they have permissions.

prp-set-roles-by-set-evaluator

This evaluator is used to ensure that users have the permissions for set roles for a set for which they have permissions.