[midPoint] Authorizing access to reports

Aivo Kuhlberg aivo.kuhlberg at rmit.ee
Thu Sep 15 12:54:47 CEST 2016 

I think I figured out what my problem was. Seems that there exists also ReportOutputType. So the following additional authorization solved my problems:

<authorization>
  <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
  <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete</action>
  <object>
     <type>ReportOutputType</type>
  </object>
</authorization>

Best Regards,
Aivo Kuhlberg

________________________________
Saatja: midPoint <midpoint-bounces at lists.evolveum.com> nimelAivo Kuhlberg <aivo.kuhlberg at rmit.ee>
Saadetud: 15. september 2016 13:40
Adressaat: midpoint
Teema: [midPoint] Authorizing access to reports


I want to create a role which gives user ability to access reports section. User should see reports, run them and access the generated reports. Unfortunately there is not much information found in wiki about reports authorization. So far I figured out how to give access to reports section by adding reportsAll GUI authorization. I also figured out that there exists ReportType object and by adding read ability to that object I succeeded to run report. Unfortunately I dont see any created reports. Seems that there is still some authorization missing. My current authorizations in role are following:


<authorization>
  <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#reportsAll</action>
</authorization>
<authorization>
  <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
  <object>
     <type>ReportType</type>
  </object>
</authorization>

Best Regards,
Aivo Kuhlberg

________________________________
Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.
This e-mail may contain information which is classified for official use.

________________________________
Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.
This e-mail may contain information which is classified for official use.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160915/a941dcda/attachment.htm>

More information about the midPoint mailing list