[midPoint] Org structure visibility

Мамаева Сауле Сериковна s.mamayeva at ktg.kz
Thu Oct 6 11:41:25 CEST 2016 

Hi, thanks for help.  I removed EndUser role from user and now Manager can see only own organizations.



Best regards,
Saule Mamayeva
s.mamayeva at ktg.kz


-----Original Message-----
From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Ivan Noris
Sent: Thursday, October 06, 2016 1:42 PM
To: midpoint at lists.evolveum.com
Subject: Re: [midPoint] Org structure visibility

Hi Michalis,

yes the End user role gives significantly more than needed for that scenario. If it's not clear enough from the scenario descriptio (or there is something that mislead you) please let me know and I will update the texts.

I have not tested the scenario recently, so if there is any regression, also let me know.

Thanks,

Ivan


On 10/06/2016 08:23 AM, Michalis Siochos wrote:
> Hello,
>
> Problem solved. I was testing with "End User" role assigned which 
> provided more authorizations than I expected.
> When I unassigned and fine tuned my own role, it worked as expected.
>
> Thanks!
>
> On 10/06/2016 07:04 AM, Мамаева Сауле Сериковна wrote:
>> Hi, I'm also interested in this case. I faced the same problem.
>>
>> Best regards,
>> Saule Mamayeva
>> s.mamayeva at ktg.kz
>>
>> -----Original Message-----
>> From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf 
>> Of Michalis Siochos
>> Sent: Wednesday, October 05, 2016 3:18 PM
>> To: midpoint at lists.evolveum.com
>> Subject: [midPoint] Org structure visibility
>>
>> Hi All,
>>
>> I'm trying to achieve something really straightforward with MidPoint
>> 3.4.1 I would like an OU Manager to be able to see the org structure 
>> but only the OU(s) or subtree(s) he's managing.
>>
>> I've been following this story:
>> https://evolveum.com/blog/midpoint-goes-multitenant/
>>
>> However, when I add the following authorizations, the manager gets 
>> full view of the org structure 
>> <action>http://midpoint.evolveum.com/xml/ns/public/security/authoriza
>> tion-ui-3#orgStruct</action> 
>> <action>http://midpoint.evolveum.com/xml/ns/public/security/authoriza
>> tion-ui-3#orgTree</action>
>>
>>
>> I have tried tenant orgs but no luck.
>>
>> It seems that I miss something. Could you please advise?
>>
>> Thanks!
>> Michalis
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

--
Ivan Noris
Senior Identity Engineer
evolveum.com

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint

More information about the midPoint mailing list