[midPoint] Authorizing access to reports

Aivo Kuhlberg aivo.kuhlberg at rmit.ee
Thu Sep 15 13:45:41 CEST 2016


I was too optimistic in my previous mail. In principle the reporting functions now work, but when I view the generated reports, the reported results depend on the authorization of the user who generated the report. To save my time figuring out the correct authorizations for each report, is it possible to run reports under another user name that has more rights (e.g. administrator)?

Best Regards,
Aivo Kuhlberg

________________________________
From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Aivo Kuhlberg <aivo.kuhlberg at rmit.ee>
Sent: 15 September 2016 13:54
To: midPoint General Discussion
Subject: Re: [midPoint] Authorizing access to reports


I think I figured out what my problem was. It seems that there also exists ReportOutputType. So the following additional authorization solved my problems:

<authorization>
  <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
  <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete</action>
  <object>
     <type>ReportOutputType</type>
  </object>
</authorization>

Best Regards,
Aivo Kuhlberg

________________________________
From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Aivo Kuhlberg <aivo.kuhlberg at rmit.ee>
Sent: 15 September 2016 13:40
To: midpoint
Subject: [midPoint] Authorizing access to reports


I want to create a role which gives a user the ability to access the reports section. The user should see reports, run them and access the generated reports. Unfortunately there is not much information to be found in the wiki about reports authorization. So far I figured out how to give access to the reports section by adding the reportsAll GUI authorization. I also figured out that there exists a ReportType object, and by adding read ability to that object I succeeded in running a report. Unfortunately I don't see any created reports. It seems that there is still some authorization missing. My current authorizations in the role are the following:


<authorization>
  <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#reportsAll</action>
</authorization>
<authorization>
  <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
  <object>
     <type>ReportType</type>
  </object>
</authorization>

Best Regards,
Aivo Kuhlberg

________________________________
This e-mail may contain information which is classified for official use.
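
Added example (not part of the original mails and not midPoint's own code): a small Python check that reads the <authorization> elements of a role and reports which of the three report capabilities found in this thread are missing, and which grants go beyond them. It assumes allow-type authorizations selected only by <type>, treats an authorization without <object> as covering every type, and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

UI = "http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#"
MODEL = "http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#"

# The three grants this thread ended up needing: (action URI, object type; None = GUI action).
REQUIRED = {
    "open the reports section": (UI + "reportsAll", None),
    "run reports": (MODEL + "read", "ReportType"),
    "see generated reports": (MODEL + "read", "ReportOutputType"),
}

# Sample input: the authorizations quoted in the thread, before and after the fix.
ROLE_BEFORE = f"""
<authorization><action>{UI}reportsAll</action></authorization>
<authorization><action>{MODEL}read</action>
  <object><type>ReportType</type></object></authorization>"""
ROLE_AFTER = ROLE_BEFORE + f"""
<authorization><action>{MODEL}read</action><action>{MODEL}delete</action>
  <object><type>ReportOutputType</type></object></authorization>"""

def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def grants(xml_fragment):
    """Return the set of (action URI, object type) pairs granted by the fragment."""
    # Assumption: only <type> selectors are used; a QName prefix such as "c:" is dropped.
    root = ET.fromstring("<root>" + xml_fragment + "</root>")
    found = set()
    for auth in (e for e in root.iter() if local(e.tag) == "authorization"):
        actions = [e.text.strip() for e in auth.iter() if local(e.tag) == "action" and e.text]
        types = [e.text.strip().split(":")[-1] for e in auth.iter() if local(e.tag) == "type" and e.text]
        found.update((a, t) for a in actions for t in (types or [None]))
    return found

def audit(xml_fragment):
    """Return (missing capabilities, grants beyond the three required pairs)."""
    found = grants(xml_fragment)
    missing = [name for name, (a, t) in REQUIRED.items()
               if (a, t) not in found and (t is None or (a, None) not in found)]
    extra = sorted(found - set(REQUIRED.values()), key=str)
    return missing, extra

if __name__ == "__main__":
    for label, role in (("before", ROLE_BEFORE), ("after", ROLE_AFTER)):
        print(label, audit(role))
```

The second element of the result lists every grant outside the three required pairs, so actions such as delete on ReportOutputType show up for review when the role is meant to be read-only.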
