[midPoint] Org structure visibility

Ivan Noris ivan.noris at evolveum.com
Thu Oct 6 09:42:07 CEST 2016 

Hi Michalis,

yes the End user role gives significantly more than needed for that
scenario. If it's not clear enough from the scenario descriptio (or
there is something that mislead you) please let me know and I will
update the texts.

I have not tested the scenario recently, so if there is any regression,
also let me know.

Thanks,

Ivan


On 10/06/2016 08:23 AM, Michalis Siochos wrote:
> Hello,
>
> Problem solved. I was testing with "End User" role assigned which
> provided more authorizations than I expected.
> When I unassigned and fine tuned my own role, it worked as expected.
>
> Thanks!
>
> On 10/06/2016 07:04 AM, Мамаева Сауле Сериковна wrote:
>> Hi, I'm also interested in this case. I faced the same problem.
>>
>> Best regards,
>> Saule Mamayeva
>> s.mamayeva at ktg.kz
>>
>> -----Original Message-----
>> From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf
>> Of Michalis Siochos
>> Sent: Wednesday, October 05, 2016 3:18 PM
>> To: midpoint at lists.evolveum.com
>> Subject: [midPoint] Org structure visibility
>>
>> Hi All,
>>
>> I'm trying to achieve something really straightforward with MidPoint
>> 3.4.1 I would like an OU Manager to be able to see the org structure
>> but only the OU(s) or subtree(s) he's managing.
>>
>> I've been following this story:
>> https://evolveum.com/blog/midpoint-goes-multitenant/
>>
>> However, when I add the following authorizations, the manager gets
>> full view of the org structure
>> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgStruct</action>
>> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTree</action>
>>
>>
>> I have tried tenant orgs but no luck.
>>
>> It seems that I miss something. Could you please advise?
>>
>> Thanks!
>> Michalis
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com

More information about the midPoint mailing list