[midPoint] Delegated administrator
Ivan Noris
ivan.noris at evolveum.com
Mon Aug 3 14:39:19 CEST 2015
Hi Petr,
I can't see #add operation authorization for UserType. Only #modify (and
#read). But as you seem to allow only creation of Users in some
organization (by reference), it's possible that you will need some more
things later.
Please try to add #add authorization to be able to create users.
Regards,
Ivan
On 08/03/2015 01:46 PM, Petr Gašparík wrote:
> Thank you, Ivan, this is for 3.1.1 ... I can see users and their
> attributes, but I can't create a new one - see below.
>
> Clip398.png
>
>
> On Mon, 3 Aug 2015 at 8:36, Ivan Noris <ivan.noris at evolveum.com> wrote:
>
> Hi Petr,
>
> please check the *GUI* authorization namespaces, there was a
> change for the upcoming 3.2.
>
> e.g.
> http://midpoint.evolveum.com/xml/ns/public/security/authorization*-ui*-3#dashboard
>
> The End User and Superuser role are already modified in XML files,
> not sure about the documentation...
>
> Please try.
> Regards,
> Ivan
>
>
> On 07/31/2015 05:24 PM, Petr Gašparík wrote:
>> Hi,
>> I tried to set up a delegated administrator for an organization (user
>> management + workflow tasks) and ended up with a role like the one below.
>> This, assigned to a user, does not allow him to see attributes when
>> creating a user, thus the admin can't enter values into them (name, for
>> example).
>>
>> What am I missing? Is there an example for a delegated administrator?
>> (I checked the web and git already)
>>
>> regards
>> Petr G.
>>
>> -------------------------------------------
>>
>> <role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>       xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
>>       xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>>       xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>       xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>>       xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>>       oid="delegatedAdmin"
>>       version="23">
>>   <name>Delegated administrator</name>
>>   <activation>
>>     <effectiveStatus>enabled</effectiveStatus>
>>   </activation>
>>   <iteration>0</iteration>
>>   <iterationToken/>
>>   <authorization id="1">
>>     <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
>>     <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action>
>>     <object>
>>       <type>OrgType</type>
>>     </object>
>>     <object>
>>       <type>ResourceType</type>
>>     </object>
>>     <object>
>>       <type>RoleType</type>
>>     </object>
>>     <object>
>>       <type>ShadowType</type>
>>     </object>
>>     <object>
>>       <type>UserType</type>
>>       <orgRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>               oid="3404b331-57c0-4bef-b699-0192ce8d728b"
>>               type="tns:OrgType"></orgRef>
>>     </object>
>>   </authorization>
>>   <authorization id="2">
>>     <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#dashboard</action>
>>     <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#myPasswords</action>
>>     <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#users</action>
>>     <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#userDetails</action>
>>     <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#findUsers</action>
>>     <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#orgTree</action>
>>     <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItems</action>
>>     <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItem</action>
>>     <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItemsMyRequests</action>
>>     <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItemsProcessInstance</action>
>>   </authorization>
>> </role>
>> --
>> --
>> Petr G.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper Id(e)M Vix."
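The two checks discussed in this thread (is `#add` granted for `UserType`, and do the GUI actions still use the `authorization-3#` namespace rather than `authorization-ui-3#`), as an added example that is not part of the original messages or of midPoint itself. The sample role is a constructed, trimmed copy of the one quoted above; `sample_role`, `audit_role` and `can_create` are hypothetical helper names, and the check reads only `<type>`, not the `orgRef` scope.

```python
import xml.etree.ElementTree as ET

NS = "{http://midpoint.evolveum.com/xml/ns/public/common/common-3}"
SEC = "http://midpoint.evolveum.com/xml/ns/public/security/"
MODEL = SEC + "authorization-model-3#"   # model-level actions, as in the quoted role
GUI_OLD = SEC + "authorization-3#"       # GUI namespace used in the quoted role
GUI_NEW = SEC + "authorization-ui-3#"    # GUI namespace named in the thread for 3.2

def sample_role(model_ops, gui_ns):
    """Constructed sample: a trimmed copy of the role quoted in this thread."""
    model = "".join(f"<action>{MODEL}{op}</action>" for op in model_ops)
    gui = "".join(f"<action>{gui_ns}{p}</action>" for p in ("users", "userDetails"))
    return (f'<role xmlns="{NS[1:-1]}" oid="delegatedAdmin">'
            f"<name>Delegated administrator</name>"
            f"<authorization>{model}"
            f"<object><type>OrgType</type></object>"
            f"<object><type>UserType</type>"
            f'<orgRef oid="3404b331-57c0-4bef-b699-0192ce8d728b"/></object>'
            f"</authorization><authorization>{gui}</authorization></role>")

def audit_role(xml_text):
    """Return (model ops per object type, GUI actions still in the old namespace)."""
    granted, legacy_gui = {}, []
    for authz in ET.fromstring(xml_text).iter(NS + "authorization"):
        actions = [a.text.strip() for a in authz.findall(NS + "action") if a.text]
        legacy_gui += [a[len(GUI_OLD):] for a in actions if a.startswith(GUI_OLD)]
        ops = {a[len(MODEL):] for a in actions if a.startswith(MODEL)}
        if not ops:
            continue
        # No <object> element means the authorization is not limited to a type.
        types = [o.findtext(NS + "type", "").split(":")[-1].strip()
                 for o in authz.findall(NS + "object")] or ["(any)"]
        for t in types:
            granted.setdefault(t, set()).update(ops)
    return granted, legacy_gui

def can_create(granted, obj_type):
    """True if #add is granted for obj_type or by an unrestricted authorization."""
    return "add" in granted.get(obj_type, set()) | granted.get("(any)", set())

if __name__ == "__main__":
    for label, xml in (("as posted", sample_role(("read", "modify"), GUI_OLD)),
                       ("with #add", sample_role(("read", "modify", "add"), GUI_NEW))):
        granted, legacy = audit_role(xml)
        print(label, "| UserType create:", can_create(granted, "UserType"),
              "| old-namespace GUI actions:", legacy)
```
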