[midPoint] Services - GUI Authorization

Brad Firestone bhotrock at gmail.com
Thu Feb 15 16:17:58 CET 2018


Thank you Pavol,

I'm sorry I haven't responded sooner.  I've been working on other 
projects, and other parts of midPoint.
I've set up some "Services" and those are working great for what we 
need.  I'm hoping to start work on the delegated admin aspects soon.  
Thanks for sending the URIs.
Have a great day!
Brad

On 2/5/18, 11:03 AM, Pavol Mederly wrote:
>
> Hello Brad,
>
> looking at the source code I would say that correct URIs for services are
>
>   * ...#servicesAll
>   * ...#services
>   * ...#service
>
> (analogous to #rolesAll, #roles, #role). But please try if it works as 
> expected.
>
> As for the conceptual question about using services instead of roles: 
> I think it might be a good idea, even if I haven't heard of anyone 
> doing that before. :) Please have a look at this page: 
> https://wiki.evolveum.com/display/midPoint/Roles%2C+Services+and+Orgs 
> (I think you maybe already did that.)
>
> Technically, the main difference between RoleType, ServiceType, and 
> OrgType is that midPoint maintains a closure table for OrgType objects 
> in order to quickly answer queries like "is X a child of Y 
> (potentially via more intermediaries)?" Besides that, all of them can 
> carry inducements, authorizations, mappings, etc - as these are 
> defined in parent type called AbstractRoleType.
>
> So, yes, maybe using services instead of roles might be a good idea. 
> Perhaps Radovan could comment on this as well after returning from 
> TIIME meeting.
>
> Pavol Mederly
> Software developer
> evolveum.com
> On 02.02.2018 1:14, Brad Firestone wrote:
>> Hello,
>>
>> I am planning to make use of Services in place of Roles to grant 
>> users access to a "service" that we provide.  An example might be 
>> "Email".  If I understand correctly, it seems like this is a good use 
>> of Services since I'm giving access to a service.  If I used Roles, I 
>> would probably assign the Role: Email User.  Services just seems more 
>> natural.  If I'm not understanding Services correctly, please let me 
>> know.
>>
>> My other question is how to assign the correct authorizations for a 
>> "delegated administrator" to be able to work with Services.  On the 
>> wiki page:
>>
>> https://wiki.evolveum.com/display/midPoint/GUI+Authorizations
>>
>> I find the list of all the actions including Org, Roles, and many 
>> others.  But I don't see "Services" anywhere in the list.  So I'm not 
>> sure how to grant authorization for the delegated administrator to 
>> work with Services.  If it's not possible without giving "all" 
>> access, that's okay.  I just want to know before I go too far into 
>> setting up Services.
>>
>> Thank you!
>> Brad
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint