Warning, /plasma/plasma-workspace/doc/PolicyKit-kde/authorization.docbook is written in an unsupported language. File is not indexed.

0001 <chapter id="authorization">
0002 <title>Authorization manager</title>
0003 
0004 <sect1 id="authorization-manual">
0005 <title>Manual</title>
0006 
0007 <para>
0008 The Authorization manager is the application that system administrators can
0009 use to easily change the default behavior of any actions. This page does not
0010 aim to explain how to create new actions or define new <quote>.policy</quote>
0011 files.</para>
0012 
0013 <para>
0014 The Authorization screen is divided in two parts, at the left we have all the
0015 actions that PolicyKit knows, you are able to search the actions using the search
0016 bar at the top, and at the right we have the selected action.
0017 This screenshot shows the main Authorization screen:
0018 </para>
0019 
0020 <para>
0021 <screenshot>
0022 <mediaobject>
0023 <imageobject><imagedata fileref="authorization_1.png" format="PNG"/></imageobject>
0024 <textobject><phrase>Main window with source device</phrase></textobject>
0025 </mediaobject>
0026 </screenshot>
0027 </para>
0028 
0029 <para>
0030 When you select an action it's details will be shown at the right side,
0031 the action might have an icon, a description and the vendor name. Next
0032 in the view we have the <quote>Implicit Authorizations</quote> and
0033 <quote>Explicit Authorizations</quote>.
0034 </para>
0035 
0036 <para>
0037 The <quote>Implicit Authorizations</quote> are authorizations automatically
0038 given to users based on certain criteria such as if they are on the local
0039 console. These authorizations are read from the <quote>.policy</quote> files
0040 that the given application defined, they are the defaults settings of the action.
0041 These are the valid values
0042 </para>
0043 
0044 <itemizedlist>
0045 <listitem><para>no</para></listitem>
0046 <listitem><para>auth_self_one_shot</para></listitem>
0047 <listitem><para>auth_self</para></listitem>
0048 <listitem><para>auth_self_keep_session</para></listitem>
0049 <listitem><para>auth_self_keep_always</para></listitem>
0050 <listitem><para>auth_admin_one_shot</para></listitem>
0051 <listitem><para>auth_admin</para></listitem>
0052 <listitem><para>auth_admin_keep_session</para></listitem>
0053 <listitem><para>auth_admin_keep_always</para></listitem>
0054 <listitem><para>yes</para></listitem>
0055 </itemizedlist>
0056 
0057 <para>
0058 You can change these defaults values simply by changing it on the combo box,
0059 the not bold value is the default one so if you want to change one value back
0060 you can select it, to make you selection take effect you have to click on the
0061 <quote>Modify</quote> button. The <quote>Revert to defaults</quote> can be used
0062 to change all <quote>Implicit Authorizations</quote> to it's defaults values.
0063 Note that both <quote>Modify</quote> and <quote>Revert to defaults</quote>
0064 requires you to issue the PolicyKit <quote>org.freedesktop.policykit.modify-defaults</quote>
0065 action which might ask a password.
0066 </para>
0067 
0068 <para>
0069 The <quote>Explicit Authorizations</quote> are authorizations that are either
0070 obtained through authentication process or specifically given to the action
0071 in question. The default behavior is to only show the current user explicit
0072 authorizations; if you want to see others users explicit authorizations
0073 click on the <quote>Show authorizations from all users</quote>, note that this
0074 requires you to issue the PolicyKit <quote>org.freedesktop.policykit.read</quote>
0075 action which might ask a password.
0076 Blocked authorizations are marked with a <quote>STOP</quote> sign.
0077 </para>
0078 
0079 <para>
0080 The <quote>Revoke</quote> button is used to revoke an explicit authorization.
0081 Note that this requires you to issue the PolicyKit
0082 <quote>org.freedesktop.policykit.revoke</quote> action which might ask a password.
0083 </para>
0084 
0085 <para>
0086 If you want to specifically grant or block a given user of performing a given action
0087 you can click on the <quote>Grant</quote> or <quote>Block</quote>.
0088 The following screenshot you see the Grant/Block dialog:
0089 </para>
0090 
0091 <para>
0092 <screenshot>
0093 <mediaobject>
0094 <imageobject><imagedata fileref="authorization_2.png" format="PNG"/></imageobject>
0095 <textobject><phrase>Grant/Block explicit authorizations dialog</phrase></textobject>
0096 </mediaobject>
0097 </screenshot>
0098 </para>
0099 
0100 <para>
0101 To grant/block explicit authorizations you have to select the user that will
0102 receive the authorization. You can also select the <quote>Constraints</quote>
0103 to limit the authorization such that it only applies under certain circumstances.
0104 <warning><para>Be aware that explicit blocking and authorization might self lock you
0105 of performing the given action so be sure of what you are doing</para></warning>
0106 Note that this requires you to issue the PolicyKit
0107 <quote>org.freedesktop.policykit.grant</quote> action which might ask a password.
0108 </para>
0109 
0110 </sect1>
0111 
0112 </chapter>