[midPoint] Allowing end users to request association to roles or organisations.
Christopher Hoskin
christopher.hoskin at gmail.com
Wed Dec 13 14:57:05 CET 2017
Hello,
I'm evaluating MidPoint for my employer.
One of the features that we're interested in is allowing end users to
request association with a role or organisation. If I log in to the web
interface as the administrator, then I can see roles and organisations
under 'Request a role'. If I log in as a user with an assignment to the
'End User' role, then I can't see any roles or organisations to request an
association with.
Doing a little reading, it appears that the user needs a role with the
'selfRequestAssignment' authorization. So I have created a copy of the End
User role and added the following authorization:
<authorization id="11">
<action>
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfRequestAssignment
</action>
<object>
<special>self</special>
</object>
</authorization>
However, when I log in as a user with this new role, I am still unable to
see any roles or organisations to request association with.
Have I got something wrong? Is there something else I need to do?
Thanks.
Christopher Hoskin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171213/e4584aad/attachment.htm>
More information about the midPoint
mailing list