Version: 2.75.x.x LTS

Elementary rights

A nevisIDM role is just a shortcurt to a set of more fine-grained operation authorizations (the elementary rights). The nevisIDM roles are used in the proxy and for GUI presentation, but the authorization checks before executing a function are done by checking for elementary rights.

The relation between roles and elementary rights is configured in the configuration file rolesMapping.properties, which can be customized optionally. The configuration lists the elementary right for each nevisIDM role. The configuration for UserAdmin would, for example, include the elementary rights UserSearch, UserView, UserModify, etc.

When a role is assigned, the data room restrictions are all applied equally to all elementary rights the assigned role consists of.