[midPoint] Delegated administrator
Ivan Noris
ivan.noris at evolveum.com
Mon Aug 3 08:35:55 CEST 2015
Hi Petr,
please check the *GUI* authorization namespaces, there was a change for
the upcoming 3.2.
e.g.
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#dashboard
The End User and Superuser roles are already modified in XML files, not
sure about the documentation...
Please try.
Regards,
Ivan
On 07/31/2015 05:24 PM, Petr Gašparík wrote:
> Hi,
> I tried to set up a delegated administrator for an organization (user
> management + workflow tasks) and ended up with a role like the one below. This,
> assigned to a user, does not allow him to see attributes when creating
> a user, thus the admin can't enter values into them (name, for example).
>
> What am I missing? Is there an example for a delegated administrator? (I
> checked the web and git already)
>
> regards
> Petr G.
>
> -------------------------------------------
>
> <role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>
> xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
> xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>
> xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
> oid="delegatedAdmin"
> version="23">
> <name>Delegated administrator</name>
> <activation>
> <effectiveStatus>enabled</effectiveStatus>
> </activation>
> <iteration>0</iteration>
> <iterationToken/>
> <authorization id="1">
>
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
>
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action>
> <object>
> <type>OrgType</type>
> </object>
> <object>
> <type>ResourceType</type>
> </object>
> <object>
> <type>RoleType</type>
> </object>
> <object>
> <type>ShadowType</type>
> </object>
> <object>
> <type>UserType</type>
> <orgRef
> xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> oid="3404b331-57c0-4bef-b699-0192ce8d728b"
> type="tns:OrgType"></orgRef>
> </object>
> </authorization>
> <authorization id="2">
>
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#dashboard</action>
>
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#myPasswords</action>
>
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#users</action>
>
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#userDetails</action>
>
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#findUsers</action>
>
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#orgTree</action>
>
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItems</action>
>
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItem</action>
>
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItemsMyRequests</action>
>
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItemsProcessInstance</action>
> </authorization>
> </role>
> --
> --
> Petr G.
--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper Id(e)M Vix."
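An added example, not part of either message and not midPoint's own code: a small check that finds `<action>` URIs in a role still using the old GUI prefix from the quoted role (`authorization-3#`) and rewrites them to the `authorization-ui-3#` prefix shown in the reply. The function name and the trimmed sample role are constructed for illustration, and it assumes only the namespace prefix changed while the part after `#` stayed the same.

```python
import xml.etree.ElementTree as ET

# Prefixes taken from the thread: the GUI prefix used in the quoted role and
# the "-ui-" prefix given in the reply for the upcoming 3.2.
OLD_GUI = "http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#"
NEW_GUI = "http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#"
COMMON = "http://midpoint.evolveum.com/xml/ns/public/common/common-3"


def migrate_gui_actions(role_xml):
    """Return (rewritten_xml, findings); each finding is (authorization id, old URI).

    Assumption: only the namespace prefix changed, the fragment after '#'
    (dashboard, users, ...) is carried over unchanged.
    """
    ET.register_namespace("", COMMON)  # keep the default namespace on output
    root = ET.fromstring(role_xml)
    findings = []
    for authz in root.iter("{%s}authorization" % COMMON):
        for action in authz.findall("{%s}action" % COMMON):
            uri = (action.text or "").strip()
            # Model-level actions (authorization-model-3#...) do not match
            # this prefix and are left untouched.
            if uri.startswith(OLD_GUI):
                findings.append((authz.get("id"), uri))
                action.text = NEW_GUI + uri[len(OLD_GUI):]
    return ET.tostring(root, encoding="unicode"), findings


# Constructed sample: a trimmed version of the role quoted in the thread.
SAMPLE_ROLE = """<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="delegatedAdmin">
  <name>Delegated administrator</name>
  <authorization id="1">
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
    <object><type>UserType</type></object>
  </authorization>
  <authorization id="2">
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#dashboard</action>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#users</action>
  </authorization>
</role>"""

if __name__ == "__main__":
    new_xml, stale = migrate_gui_actions(SAMPLE_ROLE)
    for authz_id, uri in stale:
        print("authorization id=%s uses old GUI action: %s" % (authz_id, uri))
    print(new_xml)
```

Review the rewritten role before importing it; the findings list shows exactly which GUI grants were touched.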