[midPoint] [External] ERROR "Undeclared namespace prefix 'org' in 'org:manager'" when importing a new role
Drew Roberts
aroberts at apu.edu
Wed Nov 29 17:42:02 CET 2023
Oops, forgot to end the OID with a quote. Correct code example would be:
<role oid="b613c706-3889-11e6-b175-d78cc67d7066" xmlns:org="
http://midpoint.evolveum.com/xml/ns/public/common/org-3">
Peace be with you.
On Wed, Nov 29, 2023 at 8:40 AM Drew Roberts <aroberts at apu.edu> wrote:
> Hey Philippe,
>
> When you declare a namespace you need to have something that tells the
> system where the namespace is. Since you have something like org:maanger
> you need to declare what the org namespace is. You could add it to your
> first bit of code. Example:
>
> <role oid="b613c706-3889-11e6-b175-d78cc67d7066 xmlns:org="
> http://midpoint.evolveum.com/xml/ns/public/common/org-3">
>
> Hope that helps!
>
> On Wed, Nov 29, 2023 at 7:49 AM Philippe via midPoint <
> midpoint at lists.evolveum.com> wrote:
>
>> Hello,
>>
>> I get this error message when I try to import a new role containing
>> authorization (linked to the organization of the user)
>> the goal is to create an organizational manager role having the right to
>> manage (CRUD) identities in the organizations he manages
>> Do you have an idea of the issue ?
>>
>> Thanks
>>
>>
>> Midpoint version : 4.8
>>
>> <role oid="b613c706-3889-11e6-b175-d78cc67d7066">
>> <name>ADMIN - Organizational Manager</name>
>> <description>Allows full identity administration for
>> organizations where the user is a manager.</description>
>> <authorization>
>> <name>gui-access</name>
>> <action>
>> http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#usersAll
>> </action>
>> <action>
>> http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgAll
>> </action>
>> </authorization>
>> <authorization>
>> <name>autz-read</name>
>> <action>
>> http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read
>> </action>
>> <object>
>> <orgRelation>
>> <subjectRelation>org:manager</subjectRelation>
>> <scope>allDescendants</scope>
>> <includeReferenceOrg>true</includeReferenceOrg>
>> </orgRelation>
>> </object>
>> </authorization>
>> <authorization>
>> <name>autz-write</name>
>> <action>
>> http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify
>> </action>
>> <action>
>> http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add
>> </action>
>> <action>
>> http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete
>> </action>
>> <object>
>> <orgRelation>
>> <subjectRelation>org:manager</subjectRelation>
>> </orgRelation>
>> </object>
>> </authorization>
>> <authorization>
>> <name>autz-shadow</name>
>> <action>
>> http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read
>> </action>
>> <action>
>> http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify
>> </action>
>> <action>
>> http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add
>> </action>
>> <action>
>> http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete
>> </action>
>> <object>
>> <type>ShadowType</type>
>> <owner>
>> <orgRelation>
>> <subjectRelation>org:manager</subjectRelation>
>> </orgRelation>
>> </owner>
>> </object>
>> </authorization>
>> <subtype>application</subtype>
>> </role>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>
>
>
> --
> Drew Roberts | Systems Administrator II
> IT Platform Engineering, Azusa Pacific University
> apu.edu
>
> [image: APU logo]
>
--
Drew Roberts | Systems Administrator II
IT Platform Engineering, Azusa Pacific University
apu.edu
[image: APU logo]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20231129/20cc942b/attachment.htm>
More information about the midPoint
mailing list