[midPoint] Problem With midpoint.searchObjects in approverExpression
pdbogen at cernu.us
Wed Sep 21 00:06:19 CEST 2016
Hi, Pavol.
On Tue, Sep 20, 2016 at 11:52:13PM +0200, Pavol Mederly wrote:
> a possible cause: the operation runs under the user who requests the
> operation. If he has restricted rights, it might be possible he simply
> does not see alice.
Thanks! This was exactly the problem. I added an authorization to
040-role-enduser.xml like so:
    <authorization>
        <name>users-read</name>
        <description>
            Allow to read basic user properties to be able to display requestor details in the
            approval forms.
        </description>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
        <object>
            <type>UserType</type>
        </object>
        <item>name</item>
    </authorization>
..and it's working now. Specifically, the variant using
ObjectQueryUtil.createNameQuery.
--
Patrick Bogen