[midPoint] Delegated administrator

Petr Gašparík petr at gasparik.cz
Fri Jul 31 17:24:19 CEST 2015


Hi,
I tried to set up a delegated administrator for an organization (user
management + workflow tasks) and ended up with the role below. When this
role is assigned to a user, he cannot see any attributes when creating a
user, so the admin can't enter values into them (name, for example).

What am I missing? Is there an example of a delegated administrator role?
(I have already checked the web and git.)

regards
Petr G.

-------------------------------------------

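<!--
  Delegated-administrator role with two authorizations:
    id=1  read/modify on five object types; only UserType is narrowed by an orgRef.
    id=2  a list of actions in the authorization-3 namespace (presumably the GUI
          page authorizations: dashboard, users, org tree, work items).

  The namespace and action URIs were hard-wrapped by the mail client in the
  original post. They are re-joined onto single lines here, because a line break
  inside an xmlns value becomes part of the namespace name and the prefix then
  no longer matches the intended schema namespace.
-->
<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
      xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
      oid="delegatedAdmin"
      version="23">
   <name>Delegated administrator</name>
   <activation>
      <effectiveStatus>enabled</effectiveStatus>
   </activation>
   <iteration>0</iteration>
   <iterationToken/>
   <!--
     NOTE(review): only #read and #modify are granted here; no #add action is
     listed. Creating a new user is an add operation, so this is a likely reason
     the new-user form shows no editable attributes. Confirm against the
     midPoint authorization documentation before extending the role.
   -->
   <authorization id="1">
      <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
      <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action>
      <!--
        NOTE(review): the next four object specifications carry no orgRef or
        other filter, so read AND modify appear to apply to every org, resource,
        role and shadow in the repository. Unscoped modify on RoleType would
        include this role and any more privileged role, which lets the holder
        widen their own rights. For a delegated administrator, consider a
        separate read-only authorization for these types and restrict modify
        to objects inside the delegated organization.
      -->
      <object>
         <type>OrgType</type>
      </object>
      <object>
         <type>ResourceType</type>
      </object>
      <object>
         <type>RoleType</type>
      </object>
      <object>
         <type>ShadowType</type>
      </object>
      <!-- Only users are limited to one organization, identified by the orgRef oid. -->
      <object>
         <type>UserType</type>
         <!-- The c prefix is bound on the root element to the same common-3 namespace the original tns prefix used. -->
         <orgRef oid="3404b331-57c0-4bef-b699-0192ce8d728b"
                 type="c:OrgType"/>
      </object>
   </authorization>
   <!--
     These actions carry no object specification. Presumably they only open
     pages in the administration GUI, and what can be read or changed on those
     pages is still decided by authorization 1. Verify against the deployed
     midPoint version.
   -->
   <authorization id="2">
      <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#dashboard</action>
      <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#myPasswords</action>
      <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#users</action>
      <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#userDetails</action>
      <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#findUsers</action>
      <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#orgTree</action>
      <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItems</action>
      <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItem</action>
      <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItemsMyRequests</action>
      <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItemsProcessInstance</action>
   </authorization>
</role>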
-- 
--
Petr G.