21 | | In all !OrgAuth policies (6, 7 and 8), a role assignment for a user (and thus all the permissions the user receives out of this role) can be restricted to a particular realm. |
| 21 | In all !OrgAuth policies (6, 7 and 8), a role assignment for a user (and thus all the permissions the user receives out of this role) can be restricted to a particular realm: |
| 22 | |
| 23 | [[Image(orgauth1.png)]] |
| 24 | |
| 25 | The realm for each role assignment can be chosen from the "''for Entity''" list. |
| 26 | |
| 27 | [[Image(orgauth2.png)]] |
| 28 | |
| 29 | In this list there is also an entry for "All Entities" which means that this role assignment is ''not'' restricted to a realm, but applies site-side (=for all records regardless of their respective owner entity). |
| 30 | |
| 31 | The entry "Default Realm" means all entities the user is (or will be) an organisation unit of at the time of the request authorization. |
| 32 | |
| 33 | That means, any future affiliation of the current user will assign the user this role for the respective entity. |