Sun Identity Manager Deployment Guide

AdminGroups Objects

After defining an authorization type, you can reference it in the Permission objects stored within AdminGroup objects. The following XML example defines an AdminGroup (called a capability) that you can assign to a user.


<AdminGroup name='EndUser'>
  <Permissions>
    <Permission type='EndUserTask' rights='View'/>
    <Permission type='EndUserRule' rights='View'/>
  </Permissions>
  <MemberObjectGroups>
    <ObjectRef type='ObjectGroup' id='#ID#All' name='All'/>
  </MemberObjectGroups>
</AdminGroup>

In this example, the two Permission elements both use type names that are authorization types rather than repository types. Only TaskDefinition objects that are assigned the EndUserTask authorization type will be accessible to a user who holds this capability. (A capability conveys a set of rights on one or more authorization types or repository types.) Because authorization types form a hierarchy with other authorization types and repository types, having rights on a parent in the "type hierarchy" grants the same rights on all of its children.
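The following Python script is an added example, not code from the guide or from Identity Manager itself. It parses the EndUser AdminGroup above together with a small, constructed authorization-type hierarchy and answers the question a reviewer of a capability usually has: given a right and an object's type, does this capability grant it? The `<AuthType name='...' extends='...'/>` element shape, the `SelfServiceTask` type and the comma-separated `rights` format are assumptions made for the example; the resolution rule it implements is the one the text states, that a right held on a parent type also applies to every child type, while a right on a child says nothing about its parent.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the EndUser capability from the guide.
ADMIN_GROUP_XML = """
<AdminGroup name='EndUser'>
  <Permissions>
    <Permission type='EndUserTask' rights='View'/>
    <Permission type='EndUserRule' rights='View'/>
  </Permissions>
  <MemberObjectGroups>
    <ObjectRef type='ObjectGroup' id='#ID#All' name='All'/>
  </MemberObjectGroups>
</AdminGroup>
"""

# Constructed sample hierarchy (element shape assumed for this example):
# each authorization type extends either a repository type (TaskDefinition,
# Rule) or another authorization type (SelfServiceTask extends EndUserTask).
AUTH_TYPES_XML = """
<AuthTypes>
  <AuthType name='EndUserTask' extends='TaskDefinition'/>
  <AuthType name='EndUserRule' extends='Rule'/>
  <AuthType name='SelfServiceTask' extends='EndUserTask'/>
</AuthTypes>
"""


def load_type_parents(xml_text):
    """Map each authorization type name to the type it extends."""
    root = ET.fromstring(xml_text)
    return {a.get("name"): a.get("extends") for a in root.iter("AuthType")}


def load_permissions(xml_text):
    """Return {type_name: set_of_rights} from an AdminGroup's Permission elements."""
    root = ET.fromstring(xml_text)
    perms = {}
    for p in root.iter("Permission"):
        rights = {r.strip() for r in p.get("rights", "").split(",") if r.strip()}
        perms.setdefault(p.get("type"), set()).update(rights)
    return perms


def type_chain(type_name, parents):
    """Yield type_name, then each ancestor, following 'extends' links.

    Repository types have no entry in `parents`, so the walk stops there.
    The `seen` set guards against a malformed, cyclic hierarchy.
    """
    seen = set()
    while type_name is not None and type_name not in seen:
        seen.add(type_name)
        yield type_name
        type_name = parents.get(type_name)


def has_right(perms, parents, object_type, right):
    """True if the capability grants `right` on `object_type` or on any ancestor type.

    Walking upward implements the guide's rule: a right on a parent type
    covers every child type, but a right on a child never reaches the parent.
    """
    return any(right in perms.get(t, set()) for t in type_chain(object_type, parents))


PERMS = load_permissions(ADMIN_GROUP_XML)
PARENTS = load_type_parents(AUTH_TYPES_XML)

if __name__ == "__main__":
    for obj_type, right in [("EndUserTask", "View"), ("SelfServiceTask", "View"),
                            ("TaskDefinition", "View"), ("EndUserTask", "Modify")]:
        print(f"{obj_type:16s} {right:7s} -> {has_right(PERMS, PARENTS, obj_type, right)}")
```

Running the script shows View granted on EndUserTask and on its child SelfServiceTask, but not on the plain TaskDefinition repository type, and no Modify right at all: exactly the scope a reviewer should expect the EndUser capability to have.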