[midPoint] REST authorization

Pavol Mederly mederly at evolveum.com
Tue Jan 12 21:41:39 CET 2016


Hello Cameron,

by default, access to the REST interface is not allowed (except for 
users that have all authorizations, like holders of the Superuser role).

As you correctly said, the authorization-rest-3 namespace is to be used; 
namely, the following authorization action:

http://midpoint.evolveum.com/xml/ns/public/security/authorization-rest-3#all

For example, this role gives access to the REST interface:

<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
    <name>rest-role</name>
    <activation>
        <effectiveStatus>enabled</effectiveStatus>
    </activation>
    <displayName>REST role</displayName>
    <authorization id="1">
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-rest-3#all</action>
    </authorization>
</role>

Please note that this enables use of the REST interface as such. In order to 
invoke any specific functionality (like reading or modifying a user 
object) you have to provide authorization(s) for these actions as well.

Best regards,
Pavol


On 11. 1. 2016 23:17, Cameron Miller wrote:
>
> Hi,
>
> How does one go about restricting access to the REST API through user 
> roles?
>
> I can’t find any documentation aside from one bug request on JIRA 
> (https://jira.evolveum.com/browse/MID-1967) which mentions an 
> authorization-rest-3 namespace but I have no idea what is in that 
> namespace.
>
> Regards,
>
> Cameron
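Added example (not part of the original message and not midPoint's own code): a small audit over exported role XML that reports which roles open the REST interface and whether the same role also carries any other authorization action. The role names, the sample export and the authorization-model-3#read action used as "a specific action" are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"c": "http://midpoint.evolveum.com/xml/ns/public/common/common-3"}
SEC = "http://midpoint.evolveum.com/xml/ns/public/security/"
REST_ALL = SEC + "authorization-rest-3#all"      # action URI from the message
MODEL_READ = SEC + "authorization-model-3#read"  # assumed example of a specific action

# Constructed sample export (role names are hypothetical).
SAMPLE = f"""<objects xmlns="{NS['c']}">
  <role><name>rest-role</name>
    <authorization><action>{REST_ALL}</action></authorization></role>
  <role><name>rest-reader</name>
    <authorization><action>{REST_ALL}</action></authorization>
    <authorization><action>{MODEL_READ}</action></authorization></role>
  <role><name>plain-reader</name>
    <authorization><action>{MODEL_READ}</action></authorization></role>
</objects>"""

def audit_roles(xml_text):
    """Map each role name to what it grants with respect to the REST interface."""
    root = ET.fromstring(xml_text)
    # Accept a single <role> document or a wrapper holding several roles.
    roles = [root] if root.tag == f"{{{NS['c']}}}role" else root.findall(".//c:role", NS)
    report = {}
    for role in roles:
        name = role.findtext("c:name", default="(unnamed)", namespaces=NS)
        actions = {a.text.strip() for a in role.findall("c:authorization/c:action", NS)
                   if a.text}
        other = sorted(actions - {REST_ALL})
        if REST_ALL not in actions:
            report[name] = "no REST access"
        elif other:
            report[name] = "REST access + " + ", ".join(other)
        else:
            # Opens the interface only; operations need authorizations
            # from this or another assigned role.
            report[name] = "REST access only"
    return report

if __name__ == "__main__":
    for name, verdict in audit_roles(SAMPLE).items():
        print(f"{name}: {verdict}")
```

The verdict is per role: a user's effective rights are the union of all assigned roles, so a "REST access only" role may be paired with another role that supplies the operation authorizations.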