[midPoint] Delegated administration
Pertti Kellomäki
pertti.kellomaki at datactica.fi
Thu Nov 10 15:49:46 CET 2016
To answer my own question, there are two versions of the role in the source tree. I happened to pick the one which does not give authorization to organizations and users. The other version of the file works as expected. Sorry for the noise.
Pertti
________________________________________
Lähettäjä: midPoint <midpoint-bounces at lists.evolveum.com> käyttäjän puolestaPertti Kellomäki <pertti.kellomaki at datactica.fi>
Lähetetty: 10. marraskuuta 2016 12:54
Vastaanottaja: midpoint at lists.evolveum.com
Aihe: Re: [midPoint] Delegated administration
10.11.2016, 10:38, Radovan Semancik kirjoitti:
>
> Yes. I would say this is the best way. You would probably want to make
> the OrganizationManager role parametric (using the orgRef assignment
> parameter). But that's it.
>
Hi, a quick follow-up question. I created a manager role via the rest
api using the role-manager-full-control.xml file in midPoint's source
tree. Then I assigned the role to a user, and logged in as that user. I
can see in My Assignments that the user is a manager of an
organizational unit, and also has the Manager Full Control role.
However, I don't see the organization anywhere in the ui as I would
expect. The organization has users as members and also a sub-organization.
Is the user missing some required authorization, or do I misunderstand
how the admin ui works?
Thanks, Pertti
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint
More information about the midPoint
mailing list