[midPoint] ERROR "Undeclared namespace prefix 'org' in 'org:manager'" when importing a new role

philippebriffod at laposte.net
Wed Nov 29 16:49:24 CET 2023


Hello,

I get this error message when I try to import a new role containing authorization (linked to the organization of the user).
The goal is to create an organizational manager role having the right to manage (CRUD) identities in the organizations he manages.
Do you have an idea of the issue?

Thanks


midPoint version: 4.8

<role oid="b613c706-3889-11e6-b175-d78cc67d7066">
        <name>ADMIN - Organizational Manager</name>
        <description>Allows full identity administration for organizations where the user is a manager.</description>
        <authorization>
            <name>gui-access</name>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#usersAll</action>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgAll</action>
        </authorization>
        <authorization>
            <name>autz-read</name>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
            <object>
                <orgRelation>
                    <subjectRelation>org:manager</subjectRelation>
                    <scope>allDescendants</scope>
                    <includeReferenceOrg>true</includeReferenceOrg>
                </orgRelation>
            </object>
        </authorization>
        <authorization>
            <name>autz-write</name>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add</action>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete</action>
            <object>
                <orgRelation>
                    <subjectRelation>org:manager</subjectRelation>
                </orgRelation>
            </object>
        </authorization>
        <authorization>
            <name>autz-shadow</name>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add</action>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete</action>
            <object>
                <type>ShadowType</type>
                <owner>
                    <orgRelation>
                        <subjectRelation>org:manager</subjectRelation>
                    </orgRelation>
                </owner>
            </object>
        </authorization>
        <subtype>application</subtype>
</role>
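
Added example, not part of the original post and not midPoint code: a pre-import check that reports element text written as `prefix:localName` when that prefix has no `xmlns` declaration in scope, which is the condition the error message names. The function name, the trimmed sample role and the placeholder namespace URI are assumptions made for this illustration.

```python
import io
import re
import xml.etree.ElementTree as ET

# Element text that looks like a QName value (prefix:localName). Action URIs
# such as "http://..." do not match, because "/" cannot start a local name.
QNAME_VALUE = re.compile(r"^([A-Za-z_][\w.-]*):([A-Za-z_][\w.-]*)$")

def undeclared_prefixes(xml_text):
    """Return (element, value) pairs whose text uses a prefix with no xmlns in scope."""
    in_scope = ["xml"]            # the xml prefix is always bound
    findings = []
    source = io.BytesIO(xml_text.encode("utf-8"))
    for event, payload in ET.iterparse(source, events=("start-ns", "end-ns", "end")):
        if event == "start-ns":   # payload is (prefix, uri); fires before the element starts
            in_scope.append(payload[0])
        elif event == "end-ns":   # fires after the declaring element has ended
            in_scope.pop()
        else:                     # "end": element text is complete, its scope still open
            match = QNAME_VALUE.match((payload.text or "").strip())
            if match and match.group(1) not in in_scope:
                findings.append((payload.tag.rsplit("}", 1)[-1], match.group(0)))
    return findings

# Constructed sample: a trimmed copy of the role from the post.
ROLE = """<role>
  <name>ADMIN - Organizational Manager</name>
  <authorization>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
    <object>
      <orgRelation>
        <subjectRelation>org:manager</subjectRelation>
        <scope>allDescendants</scope>
      </orgRelation>
    </object>
  </authorization>
</role>"""

# Same document with the prefix bound. The URI is a placeholder, not midPoint's
# real namespace; take the actual value from the midPoint schema documentation.
ROLE_DECLARED = ROLE.replace("<role>", '<role xmlns:org="urn:example:placeholder">', 1)

if __name__ == "__main__":
    for label, doc in (("as posted", ROLE), ("prefix declared", ROLE_DECLARED)):
        print(label, "->", undeclared_prefixes(doc) or "no undeclared prefixes")
```

The pattern match is a heuristic: any element text shaped like `word:word` is treated as a QName, so free-text fields with that shape would also be reported.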

 