Version: 7.2402.x.x RR

Appendix A - Tables - Elementary Rights

The table below describes all elementary rights supported by the implementation of nevisIDM.

| Name | Semantic |
| --- | --- |
| ApplicationCreate | Allows creating applications. |
| ApplicationDelete | Allows deleting applications. |
| ApplicationModify | Allows modifying existing applications. |
| ApplicationSearch | Allows searching for applications. |
| ApplicationView | Allows viewing application details. |
| AuthorizationApplCreate | Allows adding applications to the data room of an authorization. |
| AuthorizationApplDelete | Allows removing applications from the data room of an authorization. |
| AuthorizationApplSearch | Allows searching for application data rooms. |
| AuthorizationApplView | Allows viewing details of members of application data rooms. |
| AuthorizationClientCreate | Allows adding clients to the data room of an authorization. |
| AuthorizationClientDelete | Allows removing clients from the data room of an authorization. |
| AuthorizationClientSearch | Allows searching for client data rooms. |
| AuthorizationClientView | Allows viewing details of members of client data rooms. |
| AuthorizationCreate | Allows assigning roles to profiles. |
| AuthorizationDelete | Allows removing assignments of roles to profiles. |
| AuthorizationModify | Allows modifying authorizations, e.g., regarding global flags. |
| AuthorizationSearch | Allows searching for authorizations. |
| AuthorizationView | Allows viewing details of authorizations. |
| AuthorizationEnterpriseRoleCreate | Allows adding enterprise roles to the data room of an authorization. |
| AuthorizationEnterpriseRoleDelete | Allows removing enterprise roles from the data room of an authorization. |
| AuthorizationEnterpriseRoleSearch | Allows searching for enterprise role data rooms. |
| AuthorizationEnterpriseRoleView | Allows viewing details of members of the enterprise role data room. |
| AuthorizationUnitCreate | Allows adding units to the data room of an authorization. |
| AuthorizationUnitDelete | Allows removing units from the data room of an authorization. |
| AuthorizationUnitSearch | Allows searching for unit data rooms. |
| AuthorizationUnitView | Allows viewing details of members of unit data rooms. |
| BatchJobExecute | Allows starting batch jobs manually. |
| BatchJobView | Allows viewing details of registered batch jobs. |
| ClientApplAssign | Allows assigning applications to clients. |
| ClientApplDelete | Allows removing applications from clients. |
| ClientApplView | Allows viewing details of the assignment of applications to clients. |
| ClientCreate | Allows creating clients. |
| ClientDelete | Allows deleting clients. |
| ClientModify | Allows modifying existing clients. |
| ClientSearch | Allows searching for clients. |
| ClientView | Allows viewing details of clients. |
| CollectionCreate | Allows creating template collections. |
| CollectionDelete | Allows deleting template collections. |
| CollectionModify | Allows modifying existing template collections. |
| CollectionView | Allows viewing details of template collections. |
| ConsentView | Allows viewing consents. |
| CredentialChangeState | Allows changing the state of credentials. |
| CredentialCreate | Allows creating credentials. |
| CredentialDelete | Allows deleting credentials. |
| CredentialModify | Allows modifying credentials. |
| CredentialPdfView | Allows generating and downloading PDFs for credentials, e.g., an OTP card. |
| CredentialSearch | Allows searching for credentials. |
| CredentialView | Allows viewing details of credentials. |
| CredentialViewPlainValue | Allows viewing the plain value of the credential upon the creation of the credential. Later on, this is no longer possible, as nevisIDM only stores hashes of the plain values in the DB. A possible use case is when the password/ticket generated by nevisIDM has to be passed to an external service for further processing, e.g., a printing service. To pass the complete plain value, the policies have to be configured correspondingly (ticketLen0/ticketLen1 or resetCodeLen0/resetCodeLen1). |
| EnterpriseRoleCreate | Allows creating enterprise roles. |
| EnterpriseRoleDelete | Allows deleting enterprise roles. |
| EnterpriseRoleModify | Allows modifying existing enterprise roles. |
| EnterpriseRoleSearch | Allows searching for enterprise roles. |
| EnterpriseRoleView | Allows viewing details of enterprise roles. |
| EnterpriseRoleMemberCreate | Allows creating enterprise role members, i.e., assigning application roles to enterprise roles. |
| EnterpriseRoleMemberDelete | Allows deleting enterprise role members, i.e., unassigning application roles from enterprise roles. |
| EnterpriseRoleMemberSearch | Allows searching for enterprise role members. |
| EnterpriseAuthorizationCreate | Allows assigning enterprise roles to profiles. |
| EnterpriseAuthorizationDelete | Allows unassigning enterprise roles from profiles. |
| EnterpriseAuthorizationModify | Allows modifying enterprise authorizations. |
| EnterpriseAuthorizationSearch | Allows searching for enterprise authorizations. |
| EnterpriseAuthorizationView | Allows viewing details of enterprise authorizations. |
| EntityAttributeAccessOverride | Allows overruling the attribute access definitions as defined in attrAccess.properties. |
| GenerateReport | Allows generating reports. |
| HistoryView | Allows viewing all history data, i.e., previous versions of records. |
| LoginIdOverride | Allows overriding loginIds generated by the "loginId generator". |
| LoginIdModify | Allows modifying login IDs. |
| PersistentQueueView | Allows viewing the event queue. |
| PersistentQueueDelete | Allows deleting entries in the event queue. |
| PersistentQueueRetry | Allows restarting entries in the event queue. |
| PersonalQuestionCreate | Allows creating personal questions. |
| PersonalQuestionDelete | Allows deleting personal questions. |
| PersonalQuestionModify | Allows modifying existing personal questions. |
| PersonalQuestionView | Allows viewing details of personal questions. |
| PersonalQuestionSearch | Allows searching for personal questions. |
| ProfileArchive | Allows archiving profiles. |
| ProfileCreate | Allows creating profiles. |
| ProfileDelete | Allows deleting profiles. |
| ProfileModify | Allows modifying existing profiles. |
| ProfileSearch | Allows searching for profiles. |
| ProfileView | Allows viewing details of profiles. |
| DeputyCreate | Allows creating deputies. |
| DeputyDelete | Allows deleting deputies. |
| PolicyConfigurationCreate | Allows creating policies of any policy type. |
| PolicyConfigurationDelete | Allows deleting policies. |
| PolicyConfigurationModify | Allows modifying existing policies. |
| PolicyConfigurationSearch | Allows searching for policies. |
| PolicyConfigurationView | Allows viewing details of policies. |
| PropertyAllowedValueCreate | Allows creating new values for enum properties. |
| PropertyAllowedValueDelete | Allows deleting values of enum properties. |
| PropertyAllowedValueModify | Allows modifying existing values of enum properties. |
| PropertyAllowedValueSearch | Allows searching for values of enum properties. |
| PropertyAllowedValueView | Allows viewing values of enum properties. |
| PropertyAttributeAccessOverride | Allows overruling the property attribute access definitions. |
| PropertyCreate | Allows creating properties. |
| PropertyDelete | Allows deleting properties. |
| PropertyModify | Allows modifying existing properties. |
| PropertySearch | Allows searching for properties. |
| PropertyView | Allows viewing details of properties. |
| PropertyValueCreate | Allows creating values for properties. |
| PropertyValueDelete | Allows deleting values of properties. |
| PropertyValueModify | Allows modifying existing values of properties. |
| PropertyValueSearch | Allows searching for values of properties. |
| PropertyValueView | Allows viewing values of properties. |
| RoleCreate | Allows creating application roles. |
| RoleDelete | Allows deleting application roles. |
| RoleModify | Allows modifying existing application roles. |
| RoleSearch | Allows searching for application roles. |
| RoleView | Allows viewing details of application roles. |
| SearchResultsExport | Allows exporting search results to a CSV file. |
| SelfAdmin | Allows managing restricted parts of the user's own data and credentials. |
| TemplateCreate | Allows creating templates. |
| TemplateDelete | Allows deleting templates. |
| TemplateModify | Allows modifying existing templates. |
| TemplateView | Allows viewing details of templates. |
| TemplateStore | Allows managing the document templates (Template Manager). |
| TemplateTextCreate | Allows creating content for templates. |
| TemplateTextDelete | Allows deleting content of templates. |
| TemplateTextModify | Allows modifying existing content of templates. |
| TemplateTextView | Allows viewing content of templates. |
| TermsCreate | Allows creating terms. |
| TermsDelete | Allows deleting terms. |
| TermsModify | Allows modifying terms. |
| TermsView | Allows viewing terms. |
| UnitCreate | Allows creating units. |
| UnitCreateTopUnit | Allows creating main units, i.e., top-level units. |
| UnitDelete | Allows deleting units. |
| UnitModify | Allows modifying existing units. |
| UnitSearch | Allows searching for units. |
| UnitView | Allows viewing details of units. |
| UnitCredPolicyCreate | Allows creating and assigning credential policies to units. |
| UnitCredPolicyDelete | Allows removing credential policies from units. |
| UnitCredPolicyView | Allows viewing credential policies of units. |
| UserArchive | Allows archiving users. |
| UserCreate | Allows creating new users. |
| UserDelete | Allows deleting users. |
| UserModify | Allows modifying existing users. |
| UserSearch | Allows searching for users. |
| UserView | Allows viewing details of users. |
| UserCreateTechUser | Allows creating technical users. |
| UserModifyTechUser | Allows modifying existing technical users. |
| UserDeleteTechUser | Allows deleting technical users. |
| UserArchiveTechUser | Allows archiving technical users. |