[midPoint] Delegated administrator

Ivan Noris ivan.noris at evolveum.com
Mon Aug 3 08:35:55 CEST 2015


Hi Petr,

please check the *GUI* authorization namespaces, there was a change for
the upcoming 3.2.

e.g.
http://midpoint.evolveum.com/xml/ns/public/security/authorization*-ui*-3#dashboard

The End User and Superuser role are already modified in XML files, not
sure about the documentation...

Please try.
Regards,
Ivan

On 07/31/2015 05:24 PM, Petr Gašparík wrote:
> Hi,
> I tried to setup delegated administrator for organization (user
> management + workflow tasks) and ended with role like below. This,
> assigned to user, does not allow him to see attributes when creating
> user, thus admin can't enter values into them (name, for example). 
>
> What am I missing? Is there example for delegated administrator? (I
> checked web and git already)
>
> regards
> Petr G.
>
> -------------------------------------------
>
> <role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>      
> xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
>       xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>       xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>       xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>      
> xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>       oid="delegatedAdmin"
>       version="23">
>    <name>Delegated administrator</name>
>    <activation>
>       <effectiveStatus>enabled</effectiveStatus>
>    </activation>
>    <iteration>0</iteration>
>    <iterationToken/>
>    <authorization id="1">
>      
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
>      
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action>
>       <object>
>          <type>OrgType</type>
>       </object>
>       <object>
>          <type>ResourceType</type>
>       </object>
>       <object>
>          <type>RoleType</type>
>       </object>
>       <object>
>          <type>ShadowType</type>
>       </object>
>       <object>
>          <type>UserType</type>
>          <orgRef
> xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>                  oid="3404b331-57c0-4bef-b699-0192ce8d728b"
>                  type="tns:OrgType"></orgRef>
>       </object>
>    </authorization>
>    <authorization id="2">
>      
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#dashboard</action>
>      
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#myPasswords</action>
>      
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#users</action>
>      
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#userDetails</action>
>      
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#findUsers</action>
>      
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#orgTree</action>
>      
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItems</action>
>      
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItem</action>
>      
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItemsMyRequests</action>
>      
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItemsProcessInstance</action>
>    </authorization>
> </role>
> -- 
> -- 
> Petr G.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper Id(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150803/7598acb3/attachment.htm>


More information about the midPoint mailing list