Introduction

With the introduction of the catalogs, you have the ability to define which roles can be received by which Core Identities, and you can define which Core Identities can assign which roles. But to fully cover your use case, there is one thing missing. You need a way of defining which Core Identities can assign roles to which other Core Identities. To solve this issue, there are four predefined Security Rule Groups that you can assign to your users … someone can use as a recipient for a role. Now there is a use case where you want to select a Core Identity that you are normally not allowed to access.

For this use case, version 8 introduced three predefined Security Rule Groups, with which you can control which recipients are available to the logged-in user.

This logic is applied to the possible role recipients in the CoreOne Shop Module and in the CoreOne Admin UI when you manage the roles of a Core Identity or when you manage the role assignment directly on the role.

Predefined Security Rule Groups

The following predefined Security Rule Groups are available from version 8.0:

Rule Group

Description

My

Security.RuleGroup.AllowedCoreIdentityRecipient.Read.Own

Allows a Core Identity to assign Roles to himself or order Roles for himself.

Co Workers

Security.RuleGroup.AllowedCoreIdentityRecipient.Read.CoWorkers

Allows a Core Identity to assign Roles to his co workers. Co workers are all Core Identities that are employed in the same organization unit.

All

All or below where the logged in user has an active and valid employment.

Security.RuleGroup.AllowedCoreIdentityRecipient.Read.AllActive

All active Core Identities can be selected.

Based on permission

Security.RuleGroup.AllowedCoreIdentityRecipient.Read.PermissionBased

For any advanced use cases, you can assign this rule group; the Core Identity can then assign roles to all Core Identities that he has read rights data access permission to.