51 lines
15 KiB
Properties
# -- base admin roles (AGOV specific role definition)
# ------------------------------------------------------
## user administrator (reduced rights; CLIENT, UNIT and only URL ticket creation allowed)
nevisIdm.UserAdmin=ApplicationView,AuthorizationSearch,AuthorizationApplView,AuthorizationClientView,AuthorizationUnitView,AuthorizationView,ClientSearch,ClientView,CredentialChangeState.14,CredentialCreate.14,CredentialSearch,CredentialView,EntityAttributeAccessOverride,ProfileCreate,ProfileModify,ProfileSearch,ProfileView,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertySearch,PropertyValueCreate,PropertyValueDelete,PropertyValueModify,PropertyValueSearch,PropertyValueView,PropertyView,RoleSearch,RoleView,UnitSearch,UnitView,UserCreate,UserModify,UserSearch,UserView,PropertyAttributeAccessOverride,CollectionView,GenerateReport,SearchResultsExport,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,EnterpriseRoleMemberSearch,EnterpriseRoleView,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView
## user and unit administrator (same as above + unit mgmt; CLIENT, UNIT)
nevisIdm.UserAndUnitAdmin=ApplicationView,AuthorizationSearch,AuthorizationApplView,AuthorizationClientView,AuthorizationUnitView,AuthorizationView,ClientSearch,ClientView,CredentialChangeState,CredentialCreate,CredentialSearch,CredentialView,EntityAttributeAccessOverride,ProfileCreate,ProfileModify,ProfileSearch,ProfileView,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertySearch,PropertyValueCreate,PropertyValueDelete,PropertyValueModify,PropertyValueSearch,PropertyValueView,PropertyView,RoleSearch,RoleView,UnitCreate,UnitDelete,UnitModify,UnitSearch,UnitView,UserCreate,UserModify,UserSearch,UserView,PropertyAttributeAccessOverride,CollectionView,GenerateReport,SearchResultsExport,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,EnterpriseRoleMemberSearch,EnterpriseRoleView,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView
## General read-only access (CLIENT,UNIT,APPL)
nevisIdm.Helpdesk=UserSearch,UserView,ProfileSearch,ProfileView,CredentialSearch,CredentialView,UnitSearch,UnitView,ApplicationSearch,ApplicationView,RoleSearch,RoleView,AuthorizationSearch,AuthorizationView,AuthorizationApplView,AuthorizationApplSearch,AuthorizationUnitSearch,AuthorizationUnitView,PropertySearch,PropertyAllowedValueSearch,PropertyValueSearch,ClientSearch,ClientView,SearchResultsExport,ClientApplView,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,EnterpriseRoleMemberSearch,EnterpriseRoleView,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView,HistoryView
## Basic L2 Task (Modify User; CLIENT,UNIT)
nevisIdm.TemplateAdmin=ApplicationSearch,ApplicationView,AuthorizationApplSearch,AuthorizationApplView,AuthorizationClientView,AuthorizationSearch,AuthorizationUnitSearch,AuthorizationUnitView,AuthorizationView,ClientApplView,ClientSearch,ClientView,CollectionView,CredentialSearch,CredentialView,EntityAttributeAccessOverride,GenerateReport,ProfileSearch,ProfileView,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertyAttributeAccessOverride,PropertySearch,PropertyValueModify,PropertyValueSearch,PropertyValueView,PropertyView,RoleSearch,RoleView,SearchResultsExport,UnitSearch,UnitView,UserModify,UserSearch,UserView,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,EnterpriseRoleMemberSearch,EnterpriseRoleView,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView,HistoryView
## Management of Application Access (CLIENT, UNIT, APPL)
nevisIdm.AppOwner=ApplicationSearch,ApplicationView,AuthorizationCreate,AuthorizationDelete,AuthorizationModify,AuthorizationSearch,AuthorizationView,ClientApplView,ClientSearch,ClientView,ProfileSearch,ProfileView,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertySearch,PropertyValueCreate,PropertyValueDelete,PropertyValueModify,PropertyValueSearch,PropertyValueView,PropertyView,RoleSearch,RoleView,UnitSearch,UnitView,UserSearch,UserView,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,EnterpriseRoleMemberSearch,EnterpriseRoleView,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView
## Management of base-date changes in nevisIdm (non user related; CLIENT)
nevisIdm.AppAdmin=ApplicationCreate,ApplicationModify,ApplicationSearch,ApplicationView,BatchJobExecute,BatchJobView,ClientCreate,ClientModify,ClientApplAssign,ClientApplView,ClientSearch,ClientView,EntityAttributeAccessOverride,PersistentQueueRetry,PersistentQueueDelete,PersistentQueueView,PolicyConfigurationCreate,PolicyConfigurationModify,PolicyConfigurationSearch,PolicyConfigurationView,PropertyAllowedValueCreate,PropertyAllowedValueDelete,PropertyAllowedValueModify,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertyCreate,PropertyDelete,PropertyModify,PropertySearch,PropertyValueSearch,PropertyValueView,PropertyView,RoleCreate,RoleDelete,RoleModify,RoleSearch,RoleView,UnitCreate,UnitCreateTopUnit,UnitDelete,UnitModify,UnitSearch,UnitView,PropertyAttributeAccessOverride,HistoryView,TemplateStore,CollectionView,CollectionCreate,CollectionModify,CollectionDelete,TemplateView,TemplateCreate,TemplateModify,TemplateDelete,TemplateTextView,TemplateTextCreate,TemplateTextModify,TemplateTextDelete,UnitCredPolicyView,UnitCredPolicyCreate,UnitCredPolicyDelete
# -- Privileged admin roles (AGOV specific role definition)
# ------------------------------------------------------
## Assign IDM User and Account management roles (CLIENT)
nevisIdm.EnterpriseRoleAdmin=ApplicationSearch,ApplicationView,AuthorizationApplSearch,AuthorizationClientCreate,AuthorizationClientDelete,AuthorizationClientSearch,AuthorizationClientView,AuthorizationCreate,AuthorizationDelete,AuthorizationModify,AuthorizationSearch,AuthorizationUnitCreate,AuthorizationUnitDelete,AuthorizationUnitSearch,AuthorizationUnitView,AuthorizationApplCreate,AuthorizationApplDelete,AuthorizationApplSearch,AuthorizationApplView,AuthorizationView,ClientApplView,ClientSearch,ClientView,ProfileSearch,ProfileView,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertySearch,PropertyValueCreate,PropertyValueDelete,PropertyValueModify,PropertyValueSearch,PropertyValueView,PropertyView,RoleSearch,RoleView,UnitCredPolicyView,UnitSearch,UnitView,UserSearch,UserView,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,EnterpriseRoleMemberSearch,EnterpriseRoleView,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView
## Archive User and Profiles (CLIENT)
nevisIdm.ClientRoot=ApplicationSearch,ApplicationView,AuthorizationDelete,AuthorizationSearch,AuthorizationApplDelete,AuthorizationApplSearch,AuthorizationApplView,AuthorizationClientDelete,AuthorizationClientSearch,AuthorizationClientView,AuthorizationUnitDelete,AuthorizationUnitSearch,AuthorizationUnitView,AuthorizationView,ClientApplView,ClientSearch,ClientView,CredentialChangeState,CredentialDelete,CredentialSearch,CredentialView,EntityAttributeAccessOverride,ProfileArchive,ProfileDelete,ProfileSearch,ProfileView,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertySearch,PropertyValueDelete,PropertyValueSearch,PropertyValueView,PropertyView,RoleSearch,RoleView,UnitSearch,UnitView,UserArchive,UserModify,UserSearch,UserView,PropertyAttributeAccessOverride,HistoryView,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,EnterpriseRoleMemberSearch,EnterpriseRoleView,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView,HistoryView
# -- Root and tech user roles, in use with AGOV (definition as in product default)
# ------------------------------------------------------
## Super-user role over all clients (GLOBAL)
nevisIdm.Root=ApplicationCreate,ApplicationDelete,ApplicationModify,ApplicationSearch,ApplicationView,AuthorizationCreate,AuthorizationDelete,AuthorizationModify,AuthorizationSearch,AuthorizationApplCreate,AuthorizationApplDelete,AuthorizationApplSearch,AuthorizationApplView,AuthorizationClientCreate,AuthorizationClientDelete,AuthorizationClientSearch,AuthorizationClientView,AuthorizationUnitCreate,AuthorizationUnitDelete,AuthorizationUnitSearch,AuthorizationUnitView,AuthorizationView,BatchJobExecute,BatchJobView,ClientCreate,ClientDelete,ClientModify,ClientApplAssign,ClientApplDelete,ClientApplView,ClientSearch,ClientView,CredentialChangeState,CredentialCreate,CredentialDelete,CredentialModify,CredentialSearch,CredentialView,EntityAttributeAccessOverride,PersistentQueueRetry,PersistentQueueDelete,PersistentQueueView,PolicyConfigurationCreate,PolicyConfigurationDelete,PolicyConfigurationModify,PolicyConfigurationSearch,PolicyConfigurationView,ProfileArchive,ProfileCreate,ProfileDelete,ProfileModify,ProfileSearch,ProfileView,PropertyAllowedValueCreate,PropertyAllowedValueDelete,PropertyAllowedValueModify,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertyCreate,PropertyDelete,PropertyModify,PropertySearch,PropertyValueCreate,PropertyValueDelete,PropertyValueModify,PropertyValueSearch,PropertyValueView,PropertyView,RoleCreate,RoleDelete,RoleModify,RoleSearch,RoleView,SelfAdmin,UnitCreate,UnitCreateTopUnit,UnitDelete,UnitModify,UnitSearch,UnitView,UserArchive,UserCreate,UserDelete,UserModify,UserSearch,UserView,PropertyAttributeAccessOverride,HistoryView,LoginIdOverride,TemplateStore,CollectionView,CollectionCreate,CollectionModify,CollectionDelete,TemplateView,TemplateCreate,TemplateModify,TemplateDelete,TemplateTextView,TemplateTextCreate,TemplateTextModify,TemplateTextDelete,GenerateReport,SearchResultsExport,CredentialViewPlainValue,DeputyCreate,DeputyDelete,UnitCredPolicyView,UnitCredPolicyCreate,UnitCredPolicyDelete,UserCreateTechUser,UserModifyTechUser,UserDeleteTechUser,UserArchiveTechUser,CredentialPdfView,EnterpriseAuthorizationCreate,EnterpriseAuthorizationDelete,EnterpriseAuthorizationModify,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,AuthorizationEnterpriseRoleCreate,AuthorizationEnterpriseRoleDelete,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView,EnterpriseRoleCreate,EnterpriseRoleModify,EnterpriseRoleDelete,EnterpriseRoleSearch,EnterpriseRoleView,EnterpriseRoleMemberCreate,EnterpriseRoleMemberDelete,EnterpriseRoleMemberSearch,PersonalQuestionSearch,PersonalQuestionView,PersonalQuestionCreate,PersonalQuestionModify,PersonalQuestionDelete,LoginIdModify,TermsView,TermsCreate,TermsModify,TermsDelete,ConsentCreate,ConsentView
## technical web service users (CLIENT,UNIT,APPL)
nevisIdm.SoapTechAccess=ApplicationCreate,ApplicationDelete,ApplicationModify,ApplicationSearch,ApplicationView,AuthorizationCreate,AuthorizationDelete,AuthorizationModify,AuthorizationSearch,AuthorizationApplCreate,AuthorizationApplDelete,AuthorizationApplSearch,AuthorizationApplView,AuthorizationUnitCreate,AuthorizationUnitDelete,AuthorizationUnitSearch,AuthorizationUnitView,AuthorizationView,BatchJobExecute,BatchJobView,ClientCreate,ClientDelete,ClientModify,ClientApplAssign,ClientApplDelete,ClientApplView,ClientSearch,ClientView,CredentialChangeState,CredentialCreate,CredentialDelete,CredentialModify,CredentialSearch,CredentialView,PersistentQueueRetry,PersistentQueueDelete,PersistentQueueView,PolicyConfigurationCreate,PolicyConfigurationDelete,PolicyConfigurationModify,PolicyConfigurationSearch,PolicyConfigurationView,ProfileArchive,ProfileCreate,ProfileDelete,ProfileModify,ProfileSearch,ProfileView,PropertyAllowedValueCreate,PropertyAllowedValueDelete,PropertyAllowedValueModify,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertyCreate,PropertyDelete,PropertyModify,PropertySearch,PropertyValueCreate,PropertyValueDelete,PropertyValueModify,PropertyValueSearch,PropertyValueView,PropertyView,RoleCreate,RoleDelete,RoleModify,RoleSearch,RoleView,SelfAdmin,UnitCreate,UnitCreateTopUnit,UnitDelete,UnitModify,UnitSearch,UnitView,UserArchive,UserCreate,UserDelete,UserModify,UserSearch,UserView,TemplateStore,CollectionView,CollectionCreate,CollectionModify,CollectionDelete,TemplateView,TemplateCreate,TemplateModify,TemplateDelete,TemplateTextView,TemplateTextCreate,TemplateTextModify,TemplateTextDelete,AuthorizationClientCreate,AuthorizationClientDelete,AuthorizationClientSearch,AuthorizationClientView,CredentialViewPlainValue,UnitCredPolicyView,UnitCredPolicyCreate,UnitCredPolicyDelete,EnterpriseAuthorizationCreate,EnterpriseAuthorizationDelete,EnterpriseAuthorizationModify,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,AuthorizationEnterpriseRoleCreate,AuthorizationEnterpriseRoleDelete,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView,EnterpriseRoleCreate,EnterpriseRoleModify,EnterpriseRoleDelete,EnterpriseRoleSearch,EnterpriseRoleView,EnterpriseRoleMemberCreate,EnterpriseRoleMemberDelete,EnterpriseRoleMemberSearch,HistoryView,PersonalQuestionSearch,PersonalQuestionView,PersonalQuestionCreate,PersonalQuestionModify,PersonalQuestionDelete,LoginIdModify,ConsentCreate,ConsentView
## technical web service user with ReadOnly access (CLIENT,UNIT,APPL)
nevisIdm.SoapTechAccessReadOnly=ApplicationSearch,ApplicationView,AuthorizationSearch,AuthorizationApplSearch,AuthorizationApplView,AuthorizationUnitSearch,AuthorizationUnitView,AuthorizationView,ClientApplView,ClientSearch,ClientView,CredentialSearch,CredentialView,ProfileSearch,ProfileView,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertySearch,PropertyValueSearch,PropertyValueView,PropertyView,RoleSearch,RoleView,SelfAdmin,UnitSearch,UnitView,UserSearch,UserView,TemplateStore,CollectionView,TemplateView,TemplateTextView,PersistentQueueView,PolicyConfigurationSearch,PolicyConfigurationView,AuthorizationClientSearch,AuthorizationClientView,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView,EnterpriseRoleSearch,EnterpriseRoleView,EnterpriseRoleMemberSearch,HistoryView,PersonalQuestionSearch,PersonalQuestionView
# -- not used by AGOV (definition as in product default)
# ------------------------------------------------------
nevisIdm.EnterpriseRoleOwner=EnterpriseRoleSearch,EnterpriseRoleView,EnterpriseRoleMemberSearch,EnterpriseAuthorizationCreate,EnterpriseAuthorizationDelete,EnterpriseAuthorizationModify,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView,AuthorizationSearch,AuthorizationView,ClientSearch,ClientView,UserSearch,UserView,ProfileSearch,ProfileView,UnitSearch,ApplicationSearch,ApplicationView,RoleSearch,RoleView,CollectionView,PropertySearch,PropertyView,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertyValueSearch,PropertyValueView,SearchResultsExport,PersonalQuestionSearch,PersonalQuestionView
nevisIdm.Impersonator=
nevisIdm.MainAppOwner=ApplicationSearch,ApplicationView,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertySearch,PropertyValueSearch,PropertyValueView,PropertyView,RoleSearch,UnitSearch,AuthorizationUnitSearch,AuthorizationApplCreate,AuthorizationApplDelete,AuthorizationApplSearch,AuthorizationApplView,AuthorizationCreate,AuthorizationDelete,AuthorizationModify,AuthorizationSearch,AuthorizationView,ProfileSearch,ProfileView,UserSearch,UserView,RoleView,AuthorizationUnitCreate,AuthorizationUnitDelete,AuthorizationUnitSearch,AuthorizationUnitView,CollectionView,ClientSearch,ClientView,SearchResultsExport,AuthorizationClientCreate,AuthorizationClientDelete,AuthorizationClientSearch,AuthorizationClientView,ClientApplView,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView,EnterpriseRoleSearch,PersonalQuestionSearch,PersonalQuestionView,TermsView,TermsCreate,TermsModify,TermsDelete
nevisIdm.SelfAdmin=SelfAdmin,LoginIdModify
nevisIdm.TechUser=