Authorization checks
Functional authorization
The query service and quick search feature is available for users who have permission to search any of the supported entities for the supported entities). This requires a nevisIDM role that contains the respective elementary permission. The table below shows which elementary permission you need to search a certain entity. To find out which nevisIDM standard roles correspond with these permissions, see chapter: Functional authorization - nevisIDM roles. The same chapter explains the nevisIDM standard roles in more detail.
Search for | Required elementary permission |
---|---|
Users | UserSearch |
Clients | ClientSearch |
Applications | ApplicationSearch |
Units | UnitSearch |
Roles | RoleSearch |
The search result only contains hits of those entities for which the user has the required permission. Entities for which the permission is missing are not shown.
In case the user does not have any of the above permissions, the search result is empty.
Data room restrictions
Not only user roles and permissions affect the result of a search. Also data room restrictions influence the search result. This is the case with the Client data room in combination with a search for users. If someone performs a search for users, the search result only includes those users that belong to a client this person is authorized for.
The Client data room is not considered for other entities. Also, the Unit and the Application data rooms are not considered at all. This means that the search result may contain entities for which the initiator of the search is not authorized. In this case, he/she will not be able to open these search result entries.