[midPoint] Authorizations not being inherited

Martin Marchese mmarchese at identicum.com
Tue Jan 3 19:10:45 CET 2017


Hi All,

Within our MidPoint 3.5 deployment, we have created an Org Structure which
induces a role to users.

This role contains all kinds of authorizations for users (REST access, GUI
access, etc.).

Once the organization is assigned to a user, it gets the role assigned but
not the authorizations. However, if we assign the role directly to the
user, all the authorizations are assigned OK.

I was wondering whether there is some kind of order for authorizations (as
there is for inducements), or anything that we might be missing in our objects.

Below, I send examples of what our Org and Role look like:


Org:
-----
<org oid="00000000-0000-1de4-0009-000000000001">
    <name>MEGC</name>
...
    <inducement id="6">
        <targetRef oid="00000000-0000-1de4-0003-000000000001" type="RoleType"></targetRef>
        <orderConstraint>
            <orderMax>unbounded</orderMax>
        </orderConstraint>
        <focusType>UserType</focusType>
    </inducement>
...
</org>

Role:
-------

<role oid="00000000-0000-1de4-0003-000000000001"
      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
    <name>MidPoint Custom User</name>
    <roleType>APPLICATION</roleType>
    <authorization>
        <description>Permisos GUI</description>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfDashboard</action>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfCredentials</action>
    </authorization>
...
</role>

Thanks in Advance

*Ing. Martín Marchese*
Identicum S.A.
Jorge Newbery 3226
Tel: +54 (11) 4552-3050
mmarchese at identicum.com
www.identicum.com