Class AuthorizationConstants


  • public class AuthorizationConstants
    extends Object
    Author:
    semancik
    • Field Detail

      • AUTZ_ALL_QNAME

        public static final QName AUTZ_ALL_QNAME
      • AUTZ_ALL_URL

        public static final String AUTZ_ALL_URL
      • AUTZ_REST_ALL_QNAME

        public static final QName AUTZ_REST_ALL_QNAME
        Authorization to access all REST operations (web resources). This does NOT grant proxy authorization. It just gives access to all the REST API operations. It does not automatically allow access to the data. Additional data-level authorizations must be in place for most REST operations to be executed.
      • AUTZ_REST_ALL_URL

        public static final String AUTZ_REST_ALL_URL
      • AUTZ_REST_PROXY_QNAME

        public static final QName AUTZ_REST_PROXY_QNAME
        Authorization for a proxy user. The proxy user may impersonate other users. Special HTTP header may be used to switch the identity without additional authentication.
      • AUTZ_REST_PROXY_URL

        public static final String AUTZ_REST_PROXY_URL
      • AUTZ_WS_ALL_QNAME

        public static final QName AUTZ_WS_ALL_QNAME
      • AUTZ_WS_ALL_URL

        public static final String AUTZ_WS_ALL_URL
      • AUTZ_DENY_ALL_QNAME

        public static final QName AUTZ_DENY_ALL_QNAME
      • AUTZ_DENY_ALL_URL

        public static final String AUTZ_DENY_ALL_URL
      • AUTZ_GUI_ALL_QNAME

        public static final QName AUTZ_GUI_ALL_QNAME
      • AUTZ_GUI_ALL_URL

        public static final String AUTZ_GUI_ALL_URL
      • AUTZ_GUI_ALL_DEPRECATED_QNAME

        @Deprecated
        public static final QName AUTZ_GUI_ALL_DEPRECATED_QNAME
        Deprecated.
      • AUTZ_GUI_ALL_DEPRECATED_URL

        @Deprecated
        public static final String AUTZ_GUI_ALL_DEPRECATED_URL
        Deprecated.
      • AUTZ_UI_USERS_ALL_QNAME

        public static final QName AUTZ_UI_USERS_ALL_QNAME
      • AUTZ_UI_USERS_QNAME

        public static final QName AUTZ_UI_USERS_QNAME
      • AUTZ_UI_USERS_VIEW_QNAME

        public static final QName AUTZ_UI_USERS_VIEW_QNAME
      • AUTZ_UI_FIND_USERS_QNAME

        public static final QName AUTZ_UI_FIND_USERS_QNAME
      • AUTZ_UI_USER_QNAME

        public static final QName AUTZ_UI_USER_QNAME
      • AUTZ_UI_USER_HISTORY_QNAME

        public static final QName AUTZ_UI_USER_HISTORY_QNAME
      • AUTZ_UI_ORG_UNIT_HISTORY_QNAME

        public static final QName AUTZ_UI_ORG_UNIT_HISTORY_QNAME
      • AUTZ_UI_ROLE_HISTORY_QNAME

        public static final QName AUTZ_UI_ROLE_HISTORY_QNAME
      • AUTZ_UI_SERVICE_HISTORY_QNAME

        public static final QName AUTZ_UI_SERVICE_HISTORY_QNAME
      • AUTZ_UI_USER_HISTORY_XML_REVIEW_QNAME

        public static final QName AUTZ_UI_USER_HISTORY_XML_REVIEW_QNAME
      • AUTZ_UI_USER_DETAILS_QNAME

        public static final QName AUTZ_UI_USER_DETAILS_QNAME
      • AUTZ_UI_MERGE_OBJECTS_QNAME

        public static final QName AUTZ_UI_MERGE_OBJECTS_QNAME
      • AUTZ_UI_ORG_STRUCT_QNAME

        public static final QName AUTZ_UI_ORG_STRUCT_QNAME
      • AUTZ_UI_ORG_ALL_QNAME

        public static final QName AUTZ_UI_ORG_ALL_QNAME
      • AUTZ_UI_ORG_TREE_QNAME

        public static final QName AUTZ_UI_ORG_TREE_QNAME
      • AUTZ_UI_ORG_UNIT_QNAME

        public static final QName AUTZ_UI_ORG_UNIT_QNAME
      • AUTZ_UI_SERVICES_ALL_QNAME

        public static final QName AUTZ_UI_SERVICES_ALL_QNAME
      • AUTZ_UI_SERVICES_QNAME

        public static final QName AUTZ_UI_SERVICES_QNAME
      • AUTZ_UI_SERVICE_QNAME

        public static final QName AUTZ_UI_SERVICE_QNAME
      • AUTZ_UI_ARCHETYPES_ALL_QNAME

        public static final QName AUTZ_UI_ARCHETYPES_ALL_QNAME
      • AUTZ_UI_ARCHETYPES_QNAME

        public static final QName AUTZ_UI_ARCHETYPES_QNAME
      • AUTZ_UI_ARCHETYPE_QNAME

        public static final QName AUTZ_UI_ARCHETYPE_QNAME
      • AUTZ_UI_VALUE_POLICIES_ALL_QNAME

        public static final QName AUTZ_UI_VALUE_POLICIES_ALL_QNAME
      • AUTZ_UI_VALUE_POLICIES_QNAME

        public static final QName AUTZ_UI_VALUE_POLICIES_QNAME
      • AUTZ_UI_VALUE_POLICY_QNAME

        public static final QName AUTZ_UI_VALUE_POLICY_QNAME
      • AUTZ_UI_RESOURCES_ALL_QNAME

        public static final QName AUTZ_UI_RESOURCES_ALL_QNAME
      • AUTZ_UI_RESOURCES_QNAME

        public static final QName AUTZ_UI_RESOURCES_QNAME
      • AUTZ_UI_CONNECTOR_HOSTS_ALL_QNAME

        public static final QName AUTZ_UI_CONNECTOR_HOSTS_ALL_QNAME
      • AUTZ_UI_RESOURCE_QNAME

        public static final QName AUTZ_UI_RESOURCE_QNAME
      • AUTZ_UI_RESOURCE_DETAILS_QNAME

        public static final QName AUTZ_UI_RESOURCE_DETAILS_QNAME
      • AUTZ_UI_RESOURCE_EDIT_QNAME

        public static final QName AUTZ_UI_RESOURCE_EDIT_QNAME
      • AUTZ_UI_RESOURCES_ACCOUNT_QNAME

        public static final QName AUTZ_UI_RESOURCES_ACCOUNT_QNAME
      • AUTZ_UI_RESOURCES_CONTENT_ACCOUNTS_QNAME

        public static final QName AUTZ_UI_RESOURCES_CONTENT_ACCOUNTS_QNAME
      • AUTZ_UI_RESOURCES_CONTENT_ACCOUNTS_URL

        public static final String AUTZ_UI_RESOURCES_CONTENT_ACCOUNTS_URL
        See Also:
        Constant Field Values
      • AUTZ_UI_RESOURCES_CONTENT_ENTITLEMENTS_QNAME

        public static final QName AUTZ_UI_RESOURCES_CONTENT_ENTITLEMENTS_QNAME
      • AUTZ_UI_RESOURCES_CONTENT_ENTITLEMENTS_URL

        public static final String AUTZ_UI_RESOURCES_CONTENT_ENTITLEMENTS_URL
        See Also:
        Constant Field Values
      • AUTZ_UI_CONFIGURATION_ALL_QNAME

        public static final QName AUTZ_UI_CONFIGURATION_ALL_QNAME
      • AUTZ_UI_CONFIGURATION_ABOUT_QNAME

        public static final QName AUTZ_UI_CONFIGURATION_ABOUT_QNAME
      • AUTZ_UI_CONFIGURATION_QNAME

        public static final QName AUTZ_UI_CONFIGURATION_QNAME
      • AUTZ_UI_CONFIGURATION_DEBUG_QNAME

        public static final QName AUTZ_UI_CONFIGURATION_DEBUG_QNAME
      • AUTZ_UI_CONFIGURATION_DEBUGS_QNAME

        public static final QName AUTZ_UI_CONFIGURATION_DEBUGS_QNAME
      • AUTZ_UI_CONFIGURATION_IMPORT_QNAME

        public static final QName AUTZ_UI_CONFIGURATION_IMPORT_QNAME
      • AUTZ_UI_CONFIGURATION_LOGGING_QNAME

        public static final QName AUTZ_UI_CONFIGURATION_LOGGING_QNAME
      • AUTZ_UI_CONFIGURATION_SYSTEM_CONFIG_QNAME

        public static final QName AUTZ_UI_CONFIGURATION_SYSTEM_CONFIG_QNAME
      • AUTZ_UI_CONFIGURATION_SYSTEM_CONFIG_URL

        public static final String AUTZ_UI_CONFIGURATION_SYSTEM_CONFIG_URL
        See Also:
        Constant Field Values
      • AUTZ_UI_CONFIGURATION_INTERNALS_QNAME

        public static final QName AUTZ_UI_CONFIGURATION_INTERNALS_QNAME
      • AUTZ_UI_CONFIGURATION_REPOSITORY_QUERY

        public static final QName AUTZ_UI_CONFIGURATION_REPOSITORY_QUERY
      • AUTZ_UI_CONFIGURATION_REPOSITORY_QUERY_URL

        public static final String AUTZ_UI_CONFIGURATION_REPOSITORY_QUERY_URL
        See Also:
        Constant Field Values
      • AUTZ_UI_CONFIGURATION_EVALUATE_MAPPING

        public static final QName AUTZ_UI_CONFIGURATION_EVALUATE_MAPPING
      • AUTZ_UI_CONFIGURATION_EVALUATE_MAPPING_URL

        public static final String AUTZ_UI_CONFIGURATION_EVALUATE_MAPPING_URL
        See Also:
        Constant Field Values
      • AUTZ_UI_ROLES_ALL_QNAME

        public static final QName AUTZ_UI_ROLES_ALL_QNAME
      • AUTZ_UI_ROLES_QNAME

        public static final QName AUTZ_UI_ROLES_QNAME
      • AUTZ_UI_ROLE_QNAME

        public static final QName AUTZ_UI_ROLE_QNAME
      • AUTZ_UI_ROLE_DETAILS_QNAME

        public static final QName AUTZ_UI_ROLE_DETAILS_QNAME
      • AUTZ_UI_TASKS_ALL_QNAME

        public static final QName AUTZ_UI_TASKS_ALL_QNAME
      • AUTZ_UI_TASKS_QNAME

        public static final QName AUTZ_UI_TASKS_QNAME
      • AUTZ_UI_TASK_QNAME

        public static final QName AUTZ_UI_TASK_QNAME
      • AUTZ_UI_TASK_DETAIL_QNAME

        public static final QName AUTZ_UI_TASK_DETAIL_QNAME
      • AUTZ_UI_TASK_ADD_QNAME

        public static final QName AUTZ_UI_TASK_ADD_QNAME
      • AUTZ_UI_REPORTS_QNAME

        public static final QName AUTZ_UI_REPORTS_QNAME
      • AUTZ_UI_REPORT_QNAME

        public static final QName AUTZ_UI_REPORT_QNAME
      • AUTZ_UI_REPORTS_ALL_QNAME

        public static final QName AUTZ_UI_REPORTS_ALL_QNAME
      • AUTZ_UI_REPORTS_CREATED_REPORTS_QNAME

        public static final QName AUTZ_UI_REPORTS_CREATED_REPORTS_QNAME
      • AUTZ_UI_AUDIT_LOG_VIEWER_QNAME

        public static final QName AUTZ_UI_AUDIT_LOG_VIEWER_QNAME
      • AUTZ_UI_REPORTS_REPORT_CREATE_QNAME

        public static final QName AUTZ_UI_REPORTS_REPORT_CREATE_QNAME
      • AUTZ_UI_CASES_ALL_QNAME

        public static final QName AUTZ_UI_CASES_ALL_QNAME
      • AUTZ_UI_CASES_QNAME

        public static final QName AUTZ_UI_CASES_QNAME
      • AUTZ_UI_CASE_QNAME

        public static final QName AUTZ_UI_CASE_QNAME
      • AUTZ_UI_CASE_DETAILS_QNAME

        public static final QName AUTZ_UI_CASE_DETAILS_QNAME
      • AUTZ_UI_CERTIFICATION_DEFINITIONS_URL

        public static final String AUTZ_UI_CERTIFICATION_DEFINITIONS_URL
        See Also:
        Constant Field Values
      • AUTZ_UI_CERTIFICATION_DEFINITION_URL

        public static final String AUTZ_UI_CERTIFICATION_DEFINITION_URL
        See Also:
        Constant Field Values
      • AUTZ_UI_CERTIFICATION_NEW_DEFINITION_URL

        public static final String AUTZ_UI_CERTIFICATION_NEW_DEFINITION_URL
        See Also:
        Constant Field Values
      • AUTZ_UI_CERTIFICATION_ALL_QNAME

        public static final QName AUTZ_UI_CERTIFICATION_ALL_QNAME
      • AUTZ_UI_HOME_ALL_QNAME

        public static final QName AUTZ_UI_HOME_ALL_QNAME
      • AUTZ_UI_DASHBOARD_QNAME

        public static final QName AUTZ_UI_DASHBOARD_QNAME
      • AUTZ_UI_MY_PASSWORDS_QNAME

        public static final QName AUTZ_UI_MY_PASSWORDS_QNAME
      • AUTZ_UI_MY_QUESTIONS_QNAME

        public static final QName AUTZ_UI_MY_QUESTIONS_QNAME
      • AUTZ_UI_BULK_ACTION_QNAME

        public static final QName AUTZ_UI_BULK_ACTION_QNAME
      • AUTZ_UI_CONTACTS_QNAME

        public static final QName AUTZ_UI_CONTACTS_QNAME
      • AUTZ_UI_SELF_ALL_QNAME

        public static final QName AUTZ_UI_SELF_ALL_QNAME
      • AUTZ_UI_SELF_ASSIGNMENTS_QNAME

        public static final QName AUTZ_UI_SELF_ASSIGNMENTS_QNAME
      • AUTZ_UI_SELF_ASSIGNMENTS_CONFLICTS_QNAME

        public static final QName AUTZ_UI_SELF_ASSIGNMENTS_CONFLICTS_QNAME
      • AUTZ_UI_SELF_ASSIGNMENTS_CONFLICTS_URL

        public static final String AUTZ_UI_SELF_ASSIGNMENTS_CONFLICTS_URL
        See Also:
        Constant Field Values
      • AUTZ_UI_SELF_REQUESTS_ASSIGNMENTS_QNAME

        public static final QName AUTZ_UI_SELF_REQUESTS_ASSIGNMENTS_QNAME
      • AUTZ_UI_SELF_REQUESTS_ASSIGNMENTS_URL

        public static final String AUTZ_UI_SELF_REQUESTS_ASSIGNMENTS_URL
        See Also:
        Constant Field Values
      • AUTZ_UI_SELF_CREDENTIALS_QNAME

        public static final QName AUTZ_UI_SELF_CREDENTIALS_QNAME
      • AUTZ_UI_SELF_CONSENTS_QNAME

        public static final QName AUTZ_UI_SELF_CONSENTS_QNAME
      • AUTZ_UI_SELF_PROFILE_QNAME

        public static final QName AUTZ_UI_SELF_PROFILE_QNAME
      • AUTZ_UI_SELF_ASSIGNMENT_SHOP_KART_QNAME

        public static final QName AUTZ_UI_SELF_ASSIGNMENT_SHOP_KART_QNAME
      • AUTZ_UI_SELF_ASSIGNMENT_SHOP_KART_URL

        public static final String AUTZ_UI_SELF_ASSIGNMENT_SHOP_KART_URL
        See Also:
        Constant Field Values
      • AUTZ_UI_SELF_ASSIGNMENT_DETAILS_QNAME

        public static final QName AUTZ_UI_SELF_ASSIGNMENT_DETAILS_QNAME
      • AUTZ_UI_SELF_DASHBOARD_QNAME

        public static final QName AUTZ_UI_SELF_DASHBOARD_QNAME
      • AUTZ_UI_SELF_POST_AUTHENTICATION_QNAME

        public static final QName AUTZ_UI_SELF_POST_AUTHENTICATION_QNAME
      • AUTZ_UI_SELF_POST_AUTHENTICATION_URL

        public static final String AUTZ_UI_SELF_POST_AUTHENTICATION_URL
        See Also:
        Constant Field Values
      • AUTZ_UI_DELEGATE_ACTION_QNAME

        public static final QName AUTZ_UI_DELEGATE_ACTION_QNAME
      • AUTZ_UI_DELEGATE_ACTION_URL

        public static final String AUTZ_UI_DELEGATE_ACTION_URL
      • AUTZ_UI_ADMIN_ASSIGN_ACTION_QNAME

        public static final QName AUTZ_UI_ADMIN_ASSIGN_ACTION_QNAME
      • AUTZ_UI_ADMIN_ASSIGN_ACTION_URI

        public static final String AUTZ_UI_ADMIN_ASSIGN_ACTION_URI
      • AUTZ_UI_ADMIN_UNASSIGN_ACTION_QNAME

        public static final QName AUTZ_UI_ADMIN_UNASSIGN_ACTION_QNAME
      • AUTZ_UI_ADMIN_UNASSIGN_ACTION_URI

        public static final String AUTZ_UI_ADMIN_UNASSIGN_ACTION_URI
      • AUTZ_UI_ADMIN_ASSIGN_MEMBER_ACTION_QNAME

        public static final QName AUTZ_UI_ADMIN_ASSIGN_MEMBER_ACTION_QNAME
      • AUTZ_UI_ADMIN_ASSIGN_MEMBER_ACTION_URI

        public static final String AUTZ_UI_ADMIN_ASSIGN_MEMBER_ACTION_URI
      • AUTZ_UI_ADMIN_ADD_MEMBER_ACTION_QNAME

        public static final QName AUTZ_UI_ADMIN_ADD_MEMBER_ACTION_QNAME
      • AUTZ_UI_ADMIN_ADD_MEMBER_ACTION_URI

        public static final String AUTZ_UI_ADMIN_ADD_MEMBER_ACTION_URI
      • AUTZ_UI_ADMIN_UNASSIGN_MEMBER_ACTION_QNAME

        public static final QName AUTZ_UI_ADMIN_UNASSIGN_MEMBER_ACTION_QNAME
      • AUTZ_UI_ADMIN_UNASSIGN_MEMBER_ACTION_URI

        public static final String AUTZ_UI_ADMIN_UNASSIGN_MEMBER_ACTION_URI
      • AUTZ_UI_ADMIN_UNASSIGN_ALL_MEMBERS_ACTION_QNAME

        public static final QName AUTZ_UI_ADMIN_UNASSIGN_ALL_MEMBERS_ACTION_QNAME
      • AUTZ_UI_ADMIN_UNASSIGN_ALL_MEMBERS_TAB_ACTION_URI

        public static final String AUTZ_UI_ADMIN_UNASSIGN_ALL_MEMBERS_TAB_ACTION_URI
      • AUTZ_UI_ADMIN_RECOMPUTE_MEMBER_ACTION_QNAME

        public static final QName AUTZ_UI_ADMIN_RECOMPUTE_MEMBER_ACTION_QNAME
      • AUTZ_UI_ADMIN_RECOMPUTE_MEMBER_ACTION_URI

        public static final String AUTZ_UI_ADMIN_RECOMPUTE_MEMBER_ACTION_URI
      • AUTZ_UI_ADMIN_DELETE_MEMBER_ACTION_QNAME

        public static final QName AUTZ_UI_ADMIN_DELETE_MEMBER_ACTION_QNAME
      • AUTZ_UI_ADMIN_DELETE_MEMBER_ACTION_URI

        public static final String AUTZ_UI_ADMIN_DELETE_MEMBER_ACTION_URI
      • AUTZ_UI_ADMIN_ASSIGN_GOVERNANCE_ACTION_QNAME

        public static final QName AUTZ_UI_ADMIN_ASSIGN_GOVERNANCE_ACTION_QNAME
      • AUTZ_UI_ADMIN_ASSIGN_GOVERNANCE_ACTION_URI

        public static final String AUTZ_UI_ADMIN_ASSIGN_GOVERNANCE_ACTION_URI
      • AUTZ_UI_ADMIN_UNASSIGN_GOVERNANCE_ACTION_QNAME

        public static final QName AUTZ_UI_ADMIN_UNASSIGN_GOVERNANCE_ACTION_QNAME
      • AUTZ_UI_ADMIN_UNASSIGN_GOVERNANCE_ACTION_URI

        public static final String AUTZ_UI_ADMIN_UNASSIGN_GOVERNANCE_ACTION_URI
      • AUTZ_UI_ADMIN_RECOMPUTE_GOVERNANCE_ACTION_QNAME

        public static final QName AUTZ_UI_ADMIN_RECOMPUTE_GOVERNANCE_ACTION_QNAME
      • AUTZ_UI_ADMIN_RECOMPUTE_GOVERNANCE_ACTION_URI

        public static final String AUTZ_UI_ADMIN_RECOMPUTE_GOVERNANCE_ACTION_URI
      • AUTZ_UI_ADMIN_DELETE_GOVERNANCE_ACTION_QNAME

        public static final QName AUTZ_UI_ADMIN_DELETE_GOVERNANCE_ACTION_QNAME
      • AUTZ_UI_ADMIN_DELETE_GOVERNANCE_ACTION_URI

        public static final String AUTZ_UI_ADMIN_DELETE_GOVERNANCE_ACTION_URI
      • AUTZ_UI_ADMIN_ADD_GOVERNANCE_ACTION_QNAME

        public static final QName AUTZ_UI_ADMIN_ADD_GOVERNANCE_ACTION_QNAME
      • AUTZ_UI_ADMIN_ADD_GOVERNANCE_ACTION_URI

        public static final String AUTZ_UI_ADMIN_ADD_GOVERNANCE_ACTION_URI
      • AUTZ_UI_ADMIN_ASSIGN_ORG_MEMBER_ACTION_QNAME

        public static final QName AUTZ_UI_ADMIN_ASSIGN_ORG_MEMBER_ACTION_QNAME
      • AUTZ_UI_ADMIN_ASSIGN_ORG_MEMBER_ACTION_URI

        public static final String AUTZ_UI_ADMIN_ASSIGN_ORG_MEMBER_ACTION_URI
      • AUTZ_UI_ADMIN_UNASSIGN_ORG_MEMBER_ACTION_QNAME

        public static final QName AUTZ_UI_ADMIN_UNASSIGN_ORG_MEMBER_ACTION_QNAME
      • AUTZ_UI_ADMIN_UNASSIGN_ORG_MEMBER_ACTION_URI

        public static final String AUTZ_UI_ADMIN_UNASSIGN_ORG_MEMBER_ACTION_URI
      • AUTZ_UI_ADMIN_DELETE_ORG_MEMBER_ACTION_QNAME

        public static final QName AUTZ_UI_ADMIN_DELETE_ORG_MEMBER_ACTION_QNAME
      • AUTZ_UI_ADMIN_DELETE_ORG_MEMBER_ACTION_URI

        public static final String AUTZ_UI_ADMIN_DELETE_ORG_MEMBER_ACTION_URI
      • AUTZ_UI_ADMIN_ADD_ORG_MEMBER_ACTION_QNAME

        public static final QName AUTZ_UI_ADMIN_ADD_ORG_MEMBER_ACTION_QNAME
      • AUTZ_UI_ADMIN_ADD_ORG_MEMBER_ACTION_URI

        public static final String AUTZ_UI_ADMIN_ADD_ORG_MEMBER_ACTION_URI
      • AUTZ_UI_ADMIN_RECOMPUTE_ORG_MEMBER_ACTION_QNAME

        public static final QName AUTZ_UI_ADMIN_RECOMPUTE_ORG_MEMBER_ACTION_QNAME
      • AUTZ_UI_ADMIN_RECOMPUTE_ORG_MEMBER_ACTION_URI

        public static final String AUTZ_UI_ADMIN_RECOMPUTE_ORG_MEMBER_ACTION_URI
      • AUTZ_UI_ADMIN_ORG_MOVE_ACTION_QNAME

        public static final QName AUTZ_UI_ADMIN_ORG_MOVE_ACTION_QNAME
      • AUTZ_UI_ADMIN_ORG_MOVE_ACTION_URI

        public static final String AUTZ_UI_ADMIN_ORG_MOVE_ACTION_URI
      • AUTZ_UI_ADMIN_ORG_MAKE_ROOT_ACTION_QNAME

        public static final QName AUTZ_UI_ADMIN_ORG_MAKE_ROOT_ACTION_QNAME
      • AUTZ_UI_ADMIN_ORG_MAKE_ROOT_ACTION_URI

        public static final String AUTZ_UI_ADMIN_ORG_MAKE_ROOT_ACTION_URI
      • AUTZ_UI_ADMIN_ASSIGN_ARCHETYPE_MEMBER_ACTION_QNAME

        public static final QName AUTZ_UI_ADMIN_ASSIGN_ARCHETYPE_MEMBER_ACTION_QNAME
      • AUTZ_UI_ADMIN_ASSIGN_ARCHETYPE_MEMBER_ACTION_URI

        public static final String AUTZ_UI_ADMIN_ASSIGN_ARCHETYPE_MEMBER_ACTION_URI
      • AUTZ_UI_ROLES_VIEW_QNAME

        public static final QName AUTZ_UI_ROLES_VIEW_QNAME
      • AUTZ_UI_SERVICES_VIEW_QNAME

        public static final QName AUTZ_UI_SERVICES_VIEW_QNAME
      • AUTZ_UI_ARCHETYPES_VIEW_QNAME

        public static final QName AUTZ_UI_ARCHETYPES_VIEW_QNAME
      • AUTZ_UI_CASES_VIEW_QNAME

        public static final QName AUTZ_UI_CASES_VIEW_QNAME
      • AUTZ_UI_RESOURCES_VIEW_QNAME

        public static final QName AUTZ_UI_RESOURCES_VIEW_QNAME
      • AUTZ_UI_ADMIN_CSV_EXPORT_ACTION_QNAME

        public static final QName AUTZ_UI_ADMIN_CSV_EXPORT_ACTION_QNAME
      • AUTZ_UI_ADMIN_CSV_EXPORT_ACTION_URI

        public static final String AUTZ_UI_ADMIN_CSV_EXPORT_ACTION_URI
      • EXECUTION_ITEMS_ALLOWED_BY_DEFAULT

        public static final Collection<ItemPath> EXECUTION_ITEMS_ALLOWED_BY_DEFAULT
        Those are the items that midPoint logic controls directly. They have exception from execution-phase authorization enforcement. Their modification in execution phase is always allowed. If it was not allowed then midPoint won't be able to function properly and it may even lead to security issues. Note: this applies only to execution phase. Those items are still controlled by regular authorizations for request phase. Therefore these exceptions do NOT allow user to modify those items. Attempt to do so must pass through request-phase authorization first. This exception only allows midPoint logic to modify those properties without explicit authorizations. Motivation: Strictly speaking, there would be no need for these exceptions. The modification can be allowed by regular authorizations. However, that would mean, that every practical authorization must contain those items. That is error-prone, it is a maintenance burden and it is even an obstacle for evolvability. E.g. if similar properties are added in future midPoint versions (which is likely) then all existing authorizations much be updated. The cost of slightly increased perceived security is not justified by those operational issues.
      • OPERATIONAL_ITEMS_ALLOWED_FOR_CONTAINER_DELETE

        public static final Collection<ItemPath> OPERATIONAL_ITEMS_ALLOWED_FOR_CONTAINER_DELETE
        Items that are not considered for authorization in case that the entire container is deleted. MidPoint will ignore those items when deleting containers. Motivation: Those items are automatically created and maintained by midPoint. When a container is created then such items are added. Now the trouble is how to delete such container. The user would need to have authorization to modify those items as well to delete a container value. However, such authorizations would allow him to also modify such values at will. We do not want that. This is important for some use cases, e.g. delete of a role exclusion policy rule. We want user to add/delete exclusion policy rules, but we do not want the user to manipulate the meta data. (also similar evolvability reasoning as for EXECUTION_ITEMS_ALLOWED_BY_DEFAULT)
    • Constructor Detail

      • AuthorizationConstants

        public AuthorizationConstants()