[midPoint] Authorizing access to reports

Radovan Semancik radovan.semancik at evolveum.com
Thu Sep 15 13:45:38 CEST 2016


That's right. There is a distinction between accessing report 
definitions (e.g. parameters, scheduling info) and accessing report 
outputs (e.g. the PDF files produced by the report tasks).

-- 
Radovan Semancik
Software Architect
evolveum.com



On 09/15/2016 12:54 PM, Aivo Kuhlberg wrote:
>
> I think I figured out what my problem was. Seems that there exists 
> also ReportOutputType. So the following additional authorization 
> solved my problems:
>
> <authorization>
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete</action>
>   <object>
> <type>ReportOutputType</type>
>   </object>
> </authorization>
>
> Best Regards,
> Aivo Kuhlberg
>
> ------------------------------------------------------------------------
> *Saatja:* midPoint <midpoint-bounces at lists.evolveum.com> nimelAivo 
> Kuhlberg <aivo.kuhlberg at rmit.ee>
> *Saadetud:* 15. september 2016 13:40
> *Adressaat:* midpoint
> *Teema:* [midPoint] Authorizing access to reports
>
> I want to create a role which gives user ability to access reports 
> section. User should see reports, run them and access the generated 
> reports. Unfortunately there is not much information found in wiki 
> about reports authorization. So far I figured out how to give access 
> to reports section by adding reportsAll GUI authorization. I also 
> figured out that there exists ReportType object and by adding read 
> ability to that object I succeeded to run report. Unfortunately I dont 
> see any created reports. Seems that there is still some authorization 
> missing. My current authorizations in role are following:
>
> <authorization>
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#reportsAll</action>
> </authorization>
> <authorization>
> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
>   <object>
> <type>ReportType</type>
>   </object>
> </authorization>
>
> Best Regards,
> Aivo Kuhlberg
>
>
> ------------------------------------------------------------------------
> Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks 
> tunnistatud teavet.
> This e-mail may contain information which is classified for official use.
>
> ------------------------------------------------------------------------
> Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks 
> tunnistatud teavet.
> This e-mail may contain information which is classified for official use.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160915/58e0a9a3/attachment.htm>


More information about the midPoint mailing list