Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

CoreOne Suite Security Role

Access Level inside CoreOne Suite

Available in version

Description

CoreOne Authentication Service API Manager Authentication Methods

Read configured auth method

>= 9.1

Allows to read the configured authentication methods of a user

CoreOne Authentication Service API QoR

Read QoR

>= 9.1

Allows to read the QoR of a user

CoreOne Authentication Service API Read Permissions for any Application

Read permission

>= 9.1

Allows to read the permission of the any application

CoreOne Authentication Service API Read Permissions for My Application

Read permisson

>= 9.1

Allows to read the permission of the own application

CoreOne Suite Administrator

Full Access

>= 4.0

Full access to the whole CoreOne Suite

CoreOne Suite Approvals

Access to approval requests where the assignee is involved

>= 5.1

Assign this role to users that need to take part in an approval process.

CoreOne Suite Authentication Service User Account Manager

Read the user account tab

>= 9.1

Allows to read and use the account tab of Authentication Service Users

CoreOne Basic Access

General login access

>= 7.0

Allows a user to use his CoreOne SSO account

CoreOne Suite Legal Entity Activate

Activate a legal entity button

>= 7.0

Allows a user to activate a legal entity in the CoreOne Self-Service Portal

CoreOne Suite Legal Entity Confirm Changes

Confirm changes to a legal entity

>= 7.0

Allows a user to confirm changes to a legal entity in the CoreOne Self-Service Portal

CoreOne Suite Legal Entity Delete

Access to legal entities in which context the security role is assigned to

Delete rights to legal entities in which context the security role is assigned to

>= 7.0

Allows a user to delete a legal entity for which this security rule is assigned to

CoreOne Suite Legal Entity Edit

Access to legal entities in which context the security role is assigned to

Update rights to legal entities in which context the security role is assigned to

>= 7.0

Allows a user to update a legal entity for which this security rule is assigned to

CoreOne Suite Legal Entity Read

Access to legal entities in which context the security role is assigned to

>= 8.1.6

Allows a user to read a legal entity for which this security rule is assigned to

CoreOne Suite Legal Entity Employment Create

Access to legal entities in which context the security role is assigned to

Create rights to employments in which context the security role is assigned to

Read rights to all employment types

>= 7.0

Allows a user to create new employments for the the legal entity for which this security rule is assigned to

CoreOne Suite Legal Entity Employment Delete

Access to legal entities in which context the security role is assigned to

Delete rights to employments in which context the security role is assigned to

Read rights to all employment types

>= 7.0

Allows a user to delete an employments for the the legal entity for which this security rule is assigned to

CoreOne Suite Legal Entity Register

Read rights to organization unit types

>= 7.0

Allows a user to create a new legal entity in the state of activation pending

CoreOne Suite Manage My Resources

Manage the users resources.

> 5.14

Gives access to all resources where the current user is set as an owner and allows to manage the memberships.

CoreOne Suite Manage My Roles

Manage the users roles.

> 5.14

Gives access to all roles where the current user is set as an owner and allows to manage the memberships.

CoreOne Suite Manage Representations

Full access to representations where he is apart of

Full access to representation relationships where he is apart of

>= 7.0

Allows the user to create and manage representations and delegations

CoreOne Suite OpenID Service

>= 7.0

CoreOne Suite Shop

Access to see the Shop Module in the Portal

>= 8.0

Gives access to see the CoreOne Shop Module in the CoreOne Self-Service Portal. You still need to configure the appropriate catalogs so that user actually can order things.

CoreOne Suite Self-Service User

Access to the Self-Service Portal

Access to his own Core Identity

Access to his own Identities

Access to orderings and approvals

>= 4.0Gives users basic rights to perform actions like resetting the password for his own accounts or ordering a role for himself

CoreOne Suite Read Core Identities from Organization Unit

Read access to all core identities that have an valid employment to the organization unit in the context or at a child organization unit.

>= 8.0

This security role needs at least one assignment context of the type organization unit.

This organization unit will be used as a root from where you are allowed to read the core identities.

Note

This security role does not give any security rule groups only data access permission to the core identity.

CoreOne Suite Read Assignable Roles

Read access to all roles where you have at least one valid catalog assignment to.

>= 8.0

Allows you to read all roles where you have at least one valid catalog assignment.

Note

This security role does not give any security rule groups only data access permission to the role.

CoreOne Suite Read Own QoR / QaA

Access to QoR / QoA functionalities

>=9.1

This role enables the access to Quality of Registration / Quality of Authentication related functionalities. Derived from CoreOne Suite Self-Service User

CoreOne Suite Self-Service User

Access to the Self-Service Portal

Access to his own Core Identity

Access to his own Identities

Access to orderings and approvals

>= 4.0

Gives users basic rights to perform actions like resetting the password for his own accounts or ordering a role for himself

CoreOne Suite Organization Unit Permission Manager

Grants permission to manage roles in accordance to the configured catalogs.

>= 8.0

This role is applied in the context of an organization unit. When granted, it gives the user permission to read all Core Identities that are employed in the selected context (organization unit) and allows the user to assign and remove roles based on the assigned catalogs to that context (organization unit).

CoreOne Suite Organization Unit Employee Manager

Grants permission to manage employees in the assigned context.

>=9.0

This role is applied in the context of an organization unit. When granted, it gives the user permission to create, update and delete Core Identities and create, update and delete employments in that context.

CoreOne Suite Organization Unit Employee Reader

Grants permission to read employees in the assigned context.

>=9.0

This role is applied in the context of an organization unit. When granted, it gives the user permission to read Core Identities, Employments, Identities and Resource Assignments.

CoreOne Suite External Legal Entity Activation

Enables the additional company tab in the self service portal.

>= 8.0

This role should only be used when a external company services is register in the backend and only if the assiged user fullfills the requirements to laod them.

CoreOne Suite Workflow Administrator

No entity access in the CoreOne Suite itself.

>= 8.1

This role enables the access to the CoreOne Suite Workflow Dashboard.

CoreOne Suite User Identification Validator

Grants read and update rights on all Core Identities as well as the right to accept or decline manual identification requests.

>= 8.2

Allows the user to check and verify manual identification requests as well as changing core identities as part of the verification process.

...