[midPoint] Restrict role visibility
Radovan Semancik
radovan.semancik at evolveum.com
Wed Aug 3 16:17:34 CEST 2016
Hi,
It is not only possible. It is something that midPoint was designed for.
Just use the MidPoint authorization system:
https://wiki.evolveum.com/display/midPoint/Authorization+Configuration
You can also find many examples for authorizations in our integration tests:
https://github.com/Evolveum/midpoint/tree/master/model/model-intest/src/test/resources/security
E.g. this is how you restrict which roles are assignable:
https://github.com/Evolveum/midpoint/blob/master/model/model-intest/src/test/resources/security/role-assign-application-roles.xml
MidPoint orgs also act as roles. So if you want to allow members of some
org to request some set of roles, just put that authorization directly
into the org.
--
Radovan Semancik
Software Architect
evolveum.com
On 08/03/2016 03:06 PM, Grzegorz Lechowicz wrote:
> Hi everyone,
>
> I'm just testing MidPoint IDM 3.4 and I'm trying to do some basic tests to
> see if it fits our company requirements.
> One of the requirements is to prevent users from seeing all the
> roles available in the organization. For example, 'role 01' should only be
> available to request in organization 'org 01' and role 'role 02'
> should only be visible in the 'org 02' organization.
>
> So just to clarify: a user that belongs to 'org 01' should only see role
> 'role 01' and not 'role 02'.
>
> Is it possible?
>
> regards
> theGrzeniek
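
A sketch of the approach described in the reply, placing the authorizations directly in the org so that its members inherit them. This is an added example, not part of the original thread and not midPoint's own test file. The OID, the object names and the `roleType` value `org01` used to tag 'role 01' are constructed assumptions.

```xml
<!-- Added example: the OID, names and the roleType tag value are constructed. -->
<org oid="00000000-0000-0000-0000-0000000000a1"
     xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
     xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3">
    <name>org 01</name>

    <!-- Visibility: members of this org can read only the roles tagged for it.
         Assumption: 'role 01' carries roleType=org01, 'role 02' does not. -->
    <authorization>
        <name>read org 01 roles</name>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
        <object>
            <type>RoleType</type>
            <filter>
                <q:equal>
                    <q:path>roleType</q:path>
                    <q:value>org01</q:value>
                </q:equal>
            </filter>
        </object>
    </authorization>

    <!-- Requestability: a member may assign to themselves only roles
         matching the same filter. This covers the request phase only. -->
    <authorization>
        <name>assign org 01 roles to self</name>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#assign</action>
        <phase>request</phase>
        <object>
            <special>self</special>
        </object>
        <target>
            <type>RoleType</type>
            <filter>
                <q:equal>
                    <q:path>roleType</q:path>
                    <q:value>org01</q:value>
                </q:equal>
            </filter>
        </target>
    </authorization>
</org>
```

Because the assign authorization is limited to the request phase, the execution phase has to be authorized separately before a request can complete. Any other role that grants an unfiltered read on `RoleType` to the same users would override the visibility restriction, since authorizations are additive.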