[midPoint] Problem closing In remediation certification stage campaign

Aivo Kuhlberg aivo.kuhlberg at rmit.ee
Fri Sep 16 10:40:12 CEST 2016 

I have created special user who should have access to manage all certification tasks. Unfortunately this user cannot close the certification stage campaign when the campaign is in state 'In remediation'.
I have assigned to user role which has following authorizations:

    <authorization  id="1">
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#certificationAll</action>
    </authorization>
    <authorization  id="2">
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add</action>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete</action>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#createCertificationCampaign</action>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#closeCertificationCampaign</action>
        <object>
            <type>AccessCertificationDefinitionType</type>
        </object>
    </authorization>
    <authorization id="3">
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete</action>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#openCertificationCampaignReviewStage</action>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#closeCertificationCampaignReviewStage</action>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#startCertificationRemediation</action>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#closeCertificationCampaign</action>
        <object>
            <type>AccessCertificationCampaignType</type>
        </object>
    </authorization>

Notice that I have set 'closeCertificationCampaign' auth both for 'AccessCertificationDefinitionType' and 'AccessCertificationCampaignType' (wiki says<https://wiki.evolveum.com/display/midPoint/Access+Certification+Security> that this should be set only for 'AccessCertificationCampaignType').
In addition to these authorizations user has role 'Reviewer' assigned.
I have created certification definition and set remediation to 'Manual reconciliation (non-conformant items are reported)'.
After that I created new campaign, started it and closed the stage. Then I started the remediation. So far it works fine but when I want to close the campaing which is now in remediation stage I see following error:
User ''certmanager'' not authorized for operation http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#closeCertificationCampaign


Best Regards,

Aivo kuhlberg

________________________________
Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.
This e-mail may contain information which is classified for official use.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160916/90c6977c/attachment.htm>

More information about the midPoint mailing list