[midPoint] Create a role with read permission on users

Pálos Gustáv gustav.palos at evolveum.com
Thu Feb 23 15:27:44 CET 2017


Hi Marco,

you started correctly with this wiki page:
https://wiki.evolveum.com/display/midPoint/GUI+Authorizations
but you also need to read & apply this:
https://wiki.evolveum.com/display/midPoint/Authorization+Configuration
If you have a problem, you can apply this:
https://wiki.evolveum.com/display/midPoint/Troubleshooting+Authorizations
and if nothing helps, please reply again to this subject with your complete
actual role config and we will try to help.

> PS: My other midpoint users do not have the "end user" role because they
> do not have to access on midPoint.
> Is this the "problem"?

no, it is OK.

Best regards,

Gustav

2017-02-23 15:16 GMT+01:00 Marco Benucci <m.benucci at nsr.it>:

> Hi,
>
> I'm on midpoint 3.4.1 and I would like to create a role that grants to a
> user to list all other users
> and see (only see, not modify) their Basic, Projection and Assignment tabs.
>
> I have assigned to this user the role "end user" and I created the role
> "Guest" with the authorization
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#users
> and
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#userDetails
>
> but this user can see only himself.
>
> PS: My other midpoint users do not have the "end user" role because they
> do not have to access on midPoint.
> Is this the "problem"?
>
> Thank you


-- 
Gustáv Pálos
Identity Engineer
evolveum.com