[Midpoint-dev] authorization for user to unassign roles
Hsin-Fang Hsu
hsin-fang.hsu at itconcepts.ch
Fri Aug 27 16:40:14 CEST 2021
Dear all,
I want the user to be able to unassign roles that are assigned to them. But I cannot set the authorization properly. It always shows the error “AccessDenied”.
Thank you very much for your help in advance!
I tried what this page said:
https://docs.evolveum.com/midpoint/reference/security/authorization/configuration/
This is my code for unassignment:
<authorization>
    <name>self-execution-modify</name>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action>
    <phase>execution</phase>
    <object>
        <special>self</special>
    </object>
    <c:item>credentials</c:item>
    <c:item>assignment</c:item>
</authorization>
<authorization>
    <name>assign-roles</name>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#assign</action>
    <phase>request</phase>
    <object>
        <special>self</special>
    </object>
    <target>
        <type>RoleType</type>
    </target>
</authorization>
<authorization>
    <name>unassign</name>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#unassign</action>
    <phase>request</phase>
    <object>
        <type>RoleType</type>
    </object>
    <target>
        <special>self</special>
    </target>
</authorization>
Best regards,
Hsin-Fang
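
An added example, not part of the original post and not midPoint code: a Python check that tabulates each authorization's object and target selectors and reports any #unassign authorization whose selectors are the mirror image of an #assign authorization in the same phase, which is one thing to compare when reviewing a configuration like the one above. It assumes the convention from the linked documentation that the object is the focus holding the assignment and the target is the assigned role; the <role> wrapper, the function names and the sample (constructed from the two request-phase authorizations in the post) are hypothetical.

```python
import xml.etree.ElementTree as ET

ACTION_NS = "http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#"

# Constructed sample: the two request-phase authorizations from the post,
# wrapped in a hypothetical <role> root so the fragment parses on its own.
SAMPLE = f"""<role>
  <authorization><name>assign-roles</name>
    <action>{ACTION_NS}assign</action><phase>request</phase>
    <object><special>self</special></object>
    <target><type>RoleType</type></target>
  </authorization>
  <authorization><name>unassign</name>
    <action>{ACTION_NS}unassign</action><phase>request</phase>
    <object><type>RoleType</type></object>
    <target><special>self</special></target>
  </authorization>
</role>"""

def selector(auth, tag):
    """Return a selector as a sorted tuple of (child tag, text) pairs."""
    node = auth.find(tag)
    if node is None:
        return ()
    return tuple(sorted((c.tag, (c.text or "").strip()) for c in node))

def summarize(xml_text):
    """Map short action name -> [(name, phase, object selector, target selector)]."""
    table = {}
    for auth in ET.fromstring(xml_text).iter("authorization"):
        action = auth.findtext("action", "").strip().rsplit("#", 1)[-1]
        row = (auth.findtext("name"), auth.findtext("phase"),
               selector(auth, "object"), selector(auth, "target"))
        table.setdefault(action, []).append(row)
    return table

def mirrored_unassign(xml_text):
    """Names of #unassign rules whose object/target mirror an #assign rule."""
    table = summarize(xml_text)
    hits = []
    for name, phase, obj, tgt in table.get("unassign", []):
        for _, a_phase, a_obj, a_tgt in table.get("assign", []):
            if phase == a_phase and obj != tgt and (obj, tgt) == (a_tgt, a_obj):
                hits.append(name)
                break
    return hits

if __name__ == "__main__":
    print(mirrored_unassign(SAMPLE))
```

A non-empty result only means the two authorizations disagree about which side is the user and which is the role; it does not by itself establish the cause of an access-denied error.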