[midPoint] End User Role -- Permission denied for reading resource account

Florin. Stingaciu fstingaciu at mirantis.com
Wed May 25 20:29:00 CEST 2016


Here's the a pastebin with the End User role: http://pastebin.com/hufRebnK

I just tried the same action within my dev environment (the account has
groups as well), using this exact same role, and everything worked fine.
This leads me to believe there might be a different issue here?

Thanks,
-F

On Wed, May 25, 2016 at 11:15 AM, Florin. Stingaciu <fstingaciu at mirantis.com
> wrote:

> Hey Ivan,
>
> Yes, indeed. This other account does reference groups. I'm assuming this
> means there's an authorization action for reading groups?
>
> The end user role is just the default one that comes with midpoint. I'm
> using version 3.3.1.
>
> Thanks,
> -F
>
> On Wed, May 25, 2016 at 11:10 AM, Ivan Noris <ivan.noris at evolveum.com>
> wrote:
>
>> Hi Florin,
>>
>> is the other account referencing any associations (groups)? If you open
>> the same user as administrator. Most of the times this was my problem, if I
>> had not good End user role.
>>
>> Which midPoint version is this?
>>
>> Ivan
>>
>>
>> On 05/25/2016 07:09 PM, Florin. Stingaciu wrote:
>>
>> Hello,
>>
>> I'm trying to use the End User role to allow users to login and verify
>> their accounts. The definition for the End User role is the default
>> definition, however when I log in as an End User, one of two of my
>> resources fails to load with the following error:
>>
>> 2016-05-25 17:05:17,699 [] [http-bio-8443-exec-2] ERROR
>> (com.evolveum.midpoint.web.page.admin.PageAdminFocus): Couldn't load
>> account, reason: Access denied (class
>> com.evolveum.midpoint.util.exception.AuthorizationException)
>>
>> I've used the End User role before without ever having any issues, and
>> the fact that it loads the other resource just fine is making me a little
>> worried. Any guidance would be greatly appreciated.
>>
>> Thanks,
>>
>> -F
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> --
>>   Ing. Ivan Noris
>>   Senior Identity Management Engineer & IDM Architect
>>   evolveum.com                     evolveum.com/blog/
>>   ___________________________________________________
>>   "Semper ID(e)M Vix."
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160525/8b21e338/attachment.htm>


More information about the midPoint mailing list