[midPoint] Problem closing In remediation certification stage campaign
Aivo Kuhlberg
aivo.kuhlberg at rmit.ee
Fri Sep 16 10:40:12 CEST 2016
I have created special user who should have access to manage all certification tasks. Unfortunately this user cannot close the certification stage campaign when the campaign is in state 'In remediation'.
I have assigned to user role which has following authorizations:
<authorization id="1">
<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#certificationAll</action>
</authorization>
<authorization id="2">
<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add</action>
<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action>
<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete</action>
<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#createCertificationCampaign</action>
<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#closeCertificationCampaign</action>
<object>
<type>AccessCertificationDefinitionType</type>
</object>
</authorization>
<authorization id="3">
<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete</action>
<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#openCertificationCampaignReviewStage</action>
<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#closeCertificationCampaignReviewStage</action>
<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#startCertificationRemediation</action>
<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#closeCertificationCampaign</action>
<object>
<type>AccessCertificationCampaignType</type>
</object>
</authorization>
Notice that I have set 'closeCertificationCampaign' auth both for 'AccessCertificationDefinitionType' and 'AccessCertificationCampaignType' (wiki says<https://wiki.evolveum.com/display/midPoint/Access+Certification+Security> that this should be set only for 'AccessCertificationCampaignType').
In addition to these authorizations user has role 'Reviewer' assigned.
I have created certification definition and set remediation to 'Manual reconciliation (non-conformant items are reported)'.
After that I created new campaign, started it and closed the stage. Then I started the remediation. So far it works fine but when I want to close the campaing which is now in remediation stage I see following error:
User ''certmanager'' not authorized for operation http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#closeCertificationCampaign
Best Regards,
Aivo kuhlberg
________________________________
Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.
This e-mail may contain information which is classified for official use.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160916/90c6977c/attachment.htm>
More information about the midPoint
mailing list