[midPoint] SuperUser Persistence

Seth McCombs seth at sourceclear.com
Tue Jan 23 01:27:50 CET 2018


Thanks Pavol!

I actually just finished that book today, and am re-reading through the XML
syntax parts. My MidPoint is 3.4.1, and I need to figure out what my next
steps are for updating (our instance is Kubernetes-based, so I'll be
rolling an update). My issue, unless I'm missing it, is that all users
given the super user role, other than the initially configured super-user
(set up at install), lose that role after 1-2 days.

Thanks!



Seth McCombs
IT Operations Engineer
+1 510.514.5855
seth at sourceclear.com

On Mon, Jan 22, 2018 at 4:16 PM, Pavol Mederly <mederly at evolveum.com> wrote:

> Hello Seth,
>
> what you see is the Superuser role. It can be assigned to any account,
> effectively providing that account with "root" privileges.
>
> In fact, there's nothing hardcoded. The role can have any name, any OID.
> What is important is
>
> <authorization>
>     <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#all</action>
> </authorization>
>
> (The URI ...#all is a predefined constant in midPoint, giving all access
> within the system.)
> ------------------------------
> Anyway, midPoint is far too complex to be understood by exploring its GUI.
> I would strongly recommend reading this e-book that will provide you with
> a solid understanding of basic concepts:
> https://evolveum.com/midpoint/midpoint-guide-about-practical-identity-management/.
> And, as midPoint in the latest version (3.7) is really easy to install, it is
> best to install a "playground" midPoint instance and explore it without fear
> of breaking anything.
>
> Pavol Mederly
> Software developer
> evolveum.com
>
> On 23.01.2018 1:01, Seth McCombs wrote:
>
> Hey All,
>
> I inherited a running MidPoint install, and while all is working well, I
> am trying to learn as much about the system as I can. One thing I have
> found is that when I provide my account with SuperUser access (after
> logging in as root account), I then log back in a day or two later, and my
> super user access is gone. I've only just started digging through configs
> and logs, but I have little idea where to start, one thing I have found is
> this XML file - (See output below)
>
>
> <role oid="00000000-0000-0000-0000-000000000004"
>       xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
>     <name>Superuser</name>
>     <description>Role that gives user full authorization in MidPoint.</description>
>     <authorization>
>         <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#all</action>
>     </authorization>
>     <roleType>system</roleType>
> </role>
>
> It seems to me that the superuser is possibly hard coded, but I don't know
> where that above link leads nor how to fix this.
>
> Any advice is MUCH appreciated!
>
> Cheers!
>
> Seth McCombs
> IT Operations Engineer
> +1 510.514.5855
> seth at sourceclear.com
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
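
An added example, not part of the original thread and not midPoint's own code: since the quoted reply says that what makes a role a superuser role is its `#all` authorization rather than its name or OID, this sketch audits role XML for that action. The `<objects>` wrapper, the two extra roles with their OIDs, and the function name `roles_granting_all` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace and "#all" action URI exactly as quoted in the thread.
NS = {"c": "http://midpoint.evolveum.com/xml/ns/public/common/common-3"}
ALL_ACTION = "http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#all"

# Constructed sample: the role from the thread plus two made-up roles.
SAMPLE = """<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
  <role oid="00000000-0000-0000-0000-000000000004">
    <name>Superuser</name>
    <authorization>
      <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#all</action>
    </authorization>
  </role>
  <role oid="11111111-1111-1111-1111-111111111111">
    <name>Helpdesk Tools</name>
    <authorization>
      <action>
        http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#all
      </action>
    </authorization>
  </role>
  <role oid="22222222-2222-2222-2222-222222222222">
    <name>Reader</name>
    <authorization>
      <action>http://example.invalid/constructed#read</action>
    </authorization>
  </role>
</objects>"""


def roles_granting_all(xml_text):
    """Return (oid, name) for every role carrying an authorization on #all."""
    root = ET.fromstring(xml_text)
    # Accept a single <role> document or a wrapper element holding several.
    roles = [root] if root.tag == "{%s}role" % NS["c"] else root.findall(".//c:role", NS)
    hits = []
    for role in roles:
        # Strip whitespace: wrapped or pretty-printed XML may pad the URI.
        actions = {(a.text or "").strip() for a in role.findall("c:authorization/c:action", NS)}
        if ALL_ACTION in actions:
            hits.append((role.get("oid"), role.findtext("c:name", default="", namespaces=NS)))
    return hits


if __name__ == "__main__":
    for oid, name in roles_granting_all(SAMPLE):
        print(f"{oid}  {name}  grants #all")
```

Matching on the action URI instead of the role name is what catches the constructed "Helpdesk Tools" role, which grants full access under an innocuous name.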