Appendix A - Tables - Elementary Rights
The table below describes all elementary rights supported by the implementation of nevisIDM.
| Name | Semantic |
|---|---|
| ApplicationCreate | Allows to create applications. |
| ApplicationDelete | Allows to delete applications. |
| ApplicationModify | Allows to modify existing applications. |
| ApplicationSearch | Allows to search for applications. |
| ApplicationView | Allows to view application details. |
| AuthorizationApplCreate | Allows to add applications to the data room of an authorization. |
| AuthorizationApplDelete | Allows to remove applications from the data room of an authorization. |
| AuthorizationApplSearch | Allows to search for application data rooms. |
| AuthorizationApplView | Allows to view details of members of application data rooms. |
| AuthorizationClientCreate | Allows to add clients to the data room of an authorization. |
| AuthorizationClientDelete | Allows to remove clients from the data room of an authorization. |
| AuthorizationClientSearch | Allows to search for client data rooms. |
| AuthorizationClientView | Allows to view details of members of client data rooms. |
| AuthorizationCreate | Allows to assign roles to profiles. |
| AuthorizationDelete | Allows to remove assignments of roles to profiles. |
| AuthorizationModify | Allows to modify authorizations, e.g., regarding global flags. |
| AuthorizationSearch | Allows to search for authorizations. |
| AuthorizationView | Allows to view details of authorizations. |
| AuthorizationEnterpriseRoleCreate | Allows to add enterprise roles to the data room of an authorization. |
| AuthorizationEnterpriseRoleDelete | Allows to remove enterprise roles from the data room of an authorization. |
| AuthorizationEnterpriseRoleSearch | Allows to search for enterprise role data rooms. |
| AuthorizationEnterpriseRoleView | Allows to view details of members of the enterprise role data room. |
| AuthorizationUnitCreate | Allows to add units to the data room of an authorization. |
| AuthorizationUnitDelete | Allows to remove units from the data room of an authorization. |
| AuthorizationUnitSearch | Allows to search for unit data rooms. |
| AuthorizationUnitView | Allows to view details of members of unit data rooms. |
| BatchJobExecute | Allows to start batch jobs manually. |
| BatchJobView | Allows to view details of registered batch jobs. |
| ClientApplAssign | Allows to assign applications to clients. |
| ClientApplDelete | Allows to remove applications from clients. |
| ClientApplView | Allows to view details of the assignment of applications to clients. |
| ClientCreate | Allows to create clients. |
| ClientDelete | Allows to delete clients. |
| ClientModify | Allows to modify existing clients. |
| ClientSearch | Allows to search for clients. |
| ClientView | Allows to view details of clients. |
| CollectionCreate | Allows to create template collections. |
| CollectionDelete | Allows to delete template collections. |
| CollectionModify | Allows to modify existing template collections. |
| CollectionView | Allows to view details of template collections. |
| ConsentView | Allows to view consents. |
| CredentialChangeState | Allows to change the state of credentials. |
| CredentialCreate | Allows to create credentials. |
| CredentialDelete | Allows to delete credentials. |
| CredentialModify | Allows to modify credentials. |
| CredentialPdfView | Allows to generate and downdload PDFs for credentials, e.g., an OTP card. |
| CredentialSearch | Allows to search for credentials. |
| CredentialView | Allows to view details of credentials. |
| CredentialViewPlainValue | Allows to view the plain value of the credential upon the creation of the credential. Later on, it is not possible anymore as nevisIDM only stores hashes of the plain values in the DB. A possible use case is if the password/ticket generated by nevisIDM has to be passed to an external service for further processes, e.g., a printing service. To pass the complete plain value, the policies have to be configured correspondingly (ticketLen0/ticketLen1 or resetCodeLen0/resetCodeLen1). |
| EnterpriseRoleCreate | Allows to create enterprise roles. |
| EnterpriseRoleDelete | Allows to delete enterprise roles. |
| EnterpriseRoleModify | Allows to modify existing enterprise roles. |
| EnterpriseRoleSearch | Allows to search for enterprise roles. |
| EnterpriseRoleView | Allows to view details of enterprise roles. |
| EnterpriseRoleMemberCreate | Allows to create enterprise role members, i.e., assign application roles to enterprise roles. |
| EnterpriseRoleMemberDelete | Allows to delete enterprise role members, i.e., unassign application roles from enterprise roles. |
| EnterpriseRoleMemberSearch | Allows to search for enterprise role members. |
| EnterpriseAuthorizationCreate | Allows to assign enterprise role to profiles. |
| EnterpriseAuthorizationDelete | Allows to unassign enterprise roles from profiles. |
| EnterpriseAuthorizationModify | Allows to modify enterprise authorizations. |
| EnterpriseAuthorizationSearch | Allows to search for enterprise authorizations. |
| EnterpriseAuthorizationView | Allows to view details of enterprise authorizations. |
| EntityAttributeAccessOverride | Allows to overrule the attribute access definitions as defined in attrAccess.properties |
| GenerateReport | Allows to generate reports. |
| HistoryView | Allows to view all history data, i.e., previous versions of records. |
| LoginIdOverride | Allows to override loginIds generated by the "loginId generator" |
| LoginIdModify | Allows modifying login IDs. |
| PersistentQueueView | Allows to view the event queue. |
| PersistentQueueDelete | Allows to delete entries in the event queue. |
| PersistentQueueRetry | Allows to restart entries in the event queue. |
| PersonalQuestionCreate | Allows to create personal questions. |
| PersonalQuestionDelete | Allows to delete personal questions. |
| PersonalQuestionModify | Allows to modify existing personal questions. |
| PersonalQuestionView | Allows to view details of personal questions. |
| PersonalQuestionSearch | Allows to search for personal questions. |
| ProfileArchive | Allows to archive profiles. |
| ProfileCreate | Allows to create profiles. |
| ProfileDelete | Allows to delete profiles. |
| ProfileModify | Allows to modify existing profiles. |
| ProfileSearch | Allows to search for profiles. |
| ProfileView | Allows to view details of profiles. |
| DeputyCreate | Allows to create deputies. |
| DeputyDelete | Allows to delete deputies. |
| PolicyConfigurationCreate | Allows to create policies of any policy type. |
| PolicyConfigurationDelete | Allows to delete policies. |
| PolicyConfigurationModify | Allows to modify existing policies. |
| PolicyConfigurationSearch | Allows to search for policies. |
| PolicyConfigurationView | Allows to view details of policies. |
| PropertyAllowedValueCreate | Allows to create new values for enum properties. |
| PropertyAllowedValueDelete | Allows to delete values of enum properties. |
| PropertyAllowedValueModify | Allows to modify existing values of enum properties. |
| PropertyAllowedValueSearch | Allows to search for values of enum properties. |
| PropertyAllowedValueView | Allows to view values of enum properties. |
| PropertyAttributeAccessOverride | Allows to overrule the property attribute access definitions. |
| PropertyCreate | Allows to create properties. |
| PropertyDelete | Allows to delete properties. |
| PropertyModify | Allows to modify existing properties. |
| PropertySearch | Allows to search for propeties. |
| PropertyView | Allows to view details of propeties. |
| PropertyValueCreate | Allows to create values for properties. |
| PropertyValueDelete | Allows to delete values of properties. |
| PropertyValueModify | Allows to modify existing values of properties. |
| PropertyValueSearch | Allows to search for values of properties. |
| PropertyValueView | Allows to view values of properties. |
| RoleCreate | Allows to create application roles. |
| RoleDelete | Allows to delete application roles. |
| RoleModify | Allows to modify existing application roles. |
| RoleSearch | Allows to search for application roles. |
| RoleView | Allows to view details of application roles. |
| SearchResultsExport | Allows to export search results to a CSV file. |
| SelfAdmin | Allows to manage restricted parts of the user's own data and credentials. |
| TemplateCreate | Allows to create templates. |
| TemplateDelete | Allows to delete templates. |
| TemplateModify | Allows to modify existing templates. |
| TemplateView | Allows to view details of templates. |
| TemplateStore | Allows to manage the document templates (Template Manager). |
| TemplateTextCreate | Allows to create content for templates. |
| TemplateTextDelete | Allows to delete content of templates. |
| TemplateTextModify | Allows to modify existing content of templates. |
| TemplateTextView | Allows to view content of templates. |
| TermsCreate | Allows to create terms. |
| TermsDelete | Allows to delete terms. |
| TermsModify | Allows to modify terms. |
| TermsView | Allows to view terms. |
| UnitCreate | Allows to create units. |
| UnitCreateTopUnit | Allows to create main units, i.e., top-level units |
| UnitDelete | Allows to delete units. |
| UnitModify | Allows to modify existing units. |
| UnitSearch | Allows to search for units. |
| UnitView | Allows to view details of units. |
| UnitCredPolicyCreate | Allows to create and assign credential policies to units. |
| UnitCredPolicyDelete | Allows to remove credential policies from units. |
| UnitCredPolicyView | Allows to view credential policies of units. |
| UserArchive | Allows to archive users. |
| UserCreate | Allows to create new users. |
| UserDelete | Allows to delete users. |
| UserModify | Allows to modify existing users. |
| UserSearch | Allows to search for users. |
| UserView | Allows to view details of users. |
| UserCreateTechUser | Allows to create technical users. |
| UserModifyTechUser | Allows to modify existing technical users. |
| UserDeleteTechUser | Allows to delete technical users. |
| UserArchiveTechUser | Allows to archive technical users. |