[midPoint] Authorizations not being inherited

Pavol Mederly mederly at evolveum.com
Mon Jan 9 14:41:44 CET 2017


Martin,

I've played with your case for a while and it seems that 
*<focusType>UserType</focusType>* is the problem. After removing it, the 
authorizations are propagated correctly.

I'm not sure why it is so, as it should work, as far as I know. I 
suspect a bug at AssignmentEvaluator:682, but I'm not sure.

Maybe you could file a JIRA for this.

Pavol Mederly
Software developer
evolveum.com

On 03.01.2017 19:10, Martin Marchese wrote:
> Hi All,
>
> Within our MidPoint 3.5 deployment, we have created an Org Structure 
> which induces a role to users.
>
> This role contains all kinds of authorizations for users (REST 
> access, GUI access, etc).
>
> Once the organization is assigned to a user, it gets the role assigned 
> but not the authorizations. However, if we assign the role directly to 
> the user, all the authorizations are assigned OK.
>
> I was wondering if there is not any kind of order for authorizations 
> (as it is for inducements). Or anything that we might be missing in 
> our objects?
>
> Below, I send the examples of what our Org and Role look like:
>
>
> Org:
> -----
> <org oid="00000000-0000-1de4-0009-000000000001">
>    <name>MEGC</name>
> ...
>     <inducement id="6">
>       <targetRef oid="00000000-0000-1de4-0003-000000000001" type="RoleType"></targetRef>
>       <orderConstraint>
>         <orderMax>unbounded</orderMax>
>       </orderConstraint>
>       <focusType>UserType</focusType>
>     </inducement>
> ...
> </org>
>
> Role:
> -------
>
> <role oid="00000000-0000-1de4-0003-000000000001"
>       xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
>   <name>MidPoint Custom User</name>
>   <roleType>APPLICATION</roleType>
>   <authorization>
>     <description>Permisos GUI</description>
>     <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfDashboard</action>
>     <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfCredentials</action>
>   </authorization>
> ...
> </role>
>
> Thanks in Advance
>
> *Ing. Martín Marchese*
> Identicum S.A.
> Jorge Newbery 3226
> Tel: +54 (11) 4552-3050
> mmarchese at identicum.com
> www.identicum.com
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
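
One way to audit exported midPoint objects for the pattern identified in this thread (an inducement that targets a role and also carries `<focusType>`), as an added example that is not part of the original messages or of midPoint itself. The function names, the sample XML layout and the second inducement are constructed for illustration; the element names, namespace URI and first inducement follow the objects quoted above.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the org quoted in the thread; the second
# inducement (id 7) and its target OID are invented for contrast.
SAMPLE_ORG = """\
<org oid="00000000-0000-1de4-0009-000000000001"
     xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
  <name>MEGC</name>
  <inducement id="6">
    <targetRef oid="00000000-0000-1de4-0003-000000000001" type="RoleType"/>
    <orderConstraint><orderMax>unbounded</orderMax></orderConstraint>
    <focusType>UserType</focusType>
  </inducement>
  <inducement id="7">
    <targetRef oid="00000000-0000-1de4-0003-000000000002" type="RoleType"/>
  </inducement>
</org>
"""

def local(name):
    """Drop a '{namespace}' or 'prefix:' qualifier from a tag or QName value."""
    return name.rsplit("}", 1)[-1].rsplit(":", 1)[-1]

def child(elem, name):
    """Return the first direct child with the given local name, or None."""
    return next((c for c in elem if local(c.tag) == name), None)

def find_focus_typed_role_inducements(xml_text):
    """List inducements that target a role and also set <focusType>."""
    root = ET.fromstring(xml_text)
    parents = {c: p for p in root.iter() for c in p}
    findings = []
    for ind in root.iter():
        if local(ind.tag) != "inducement":
            continue
        target, focus = child(ind, "targetRef"), child(ind, "focusType")
        if target is None or focus is None or local(target.get("type", "")) != "RoleType":
            continue
        owner = parents.get(ind, ind)  # object (org, role, ...) holding the inducement
        name = child(owner, "name")
        findings.append({
            "owner_oid": owner.get("oid"),
            "owner_name": name.text if name is not None else None,
            "inducement_id": ind.get("id"),
            "target_oid": target.get("oid"),
            "focus_type": (focus.text or "").strip(),
        })
    return findings
```

Each finding names the owning object and the inducement id, so the induced role's authorizations can be checked on an affected user.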
