[midPoint] roles

Radovan Semancik radovan.semancik at evolveum.com
Mon Jun 3 12:04:32 CEST 2013


Hello Aram,

The short answer is "not yet". This requirement needs quite fine-grained 
authorizations to work. The authorizations are introduced in 2.2. But 
although we have quite a sophisticated model for authorizations the 
implementation in 2.2 is still very rough-grained. The full 
implementation of fine-grained authorizations is planned for 2.3.

If you need this functionality now then your best option is perhaps to 
modify the GUI and somehow hack this feature in as your custom 
modification. If you use version 2.2 as a base code you can use our 
authorization/RBAC system to convey your special authorization to the 
GUI layer and therefore the "hack" will only need to check for that 
special authorization. That should be quite easy to do. And it should 
also be feasible to maintain as we plan to switch to git source code 
management right after the 2.2 release. You can replace the hack with a 
clean solution when the 2.3 release is available (planned for Q3-Q4 
this year).

-- 

                                            Radovan Semancik
                                           Software Architect
                                              evolveum.com


On 06/01/2013 12:13 PM, Aram Somoundji wrote:
> Hello,
> Can I create a role in midPoint to give the permission to activate 
> (enable) a user only to the administrator? That is to say that, for 
> example, user 1 can create a user but he can't enable it unless the 
> administrator has approved his request!
> Thanks
> Aram

