[midPoint] Problem With midpoint.searchObjects in approverExpression

pdbogen at cernu.us
Wed Sep 21 00:06:19 CEST 2016


Hi, Pavol.

On Tue, Sep 20, 2016 at 11:52:13PM +0200, Pavol Mederly wrote:
> a possible cause: the operation runs under the user who requests the 
> operation. If he has restricted rights, it might be possible he simply 
> does not see alice.

Thanks! This was exactly the problem. I added an authorization to 
040-role-enduser.xml like so:

    <authorization>
      <name>users-read</name>
      <description>
        Allow to read basic user properties to be able to display requestor details in the
        approval forms.
      </description>
      <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
      <object>
        <type>UserType</type>
      </object>
      <item>name</item>
    </authorization>

..and it's working now. Specifically, the variant using 
ObjectQueryUtil.createNameQuery.

-- 
             .
Patrick Bogen .
            ...