[midPoint] SuperUser Persistence

Pavol Mederly mederly at evolveum.com
Tue Jan 23 01:16:43 CET 2018


Hello Seth,

what you see is the Superuser role. It can be assigned to any account, 
effectively providing that account with "root" privileges.

In fact, there's nothing hardcoded. The role can have any name, any OID. 
What is important is

<authorization>
     <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#all</action>
</authorization>

(The URI ...#all is a predefined constant in midPoint, giving all access 
within the system.)

------------------------------------------------------------------------
Anyway, midPoint is far too complex to be understood by exploring its 
GUI. I would strongly recommend reading this e-book that will provide 
you with a solid understanding of the basic concepts: 
https://evolveum.com/midpoint/midpoint-guide-about-practical-identity-management/. 
And, as midPoint in the latest version (3.7) is really easy to install, it 
is best to install a "playground" midPoint instance and explore it 
without fear of breaking anything.

Pavol Mederly
Software developer
evolveum.com

On 23.01.2018 1:01, Seth McCombs wrote:
> Hey All,
>
> I inherited a running MidPoint install, and while all is working well, 
> I am trying to learn as much about the system as I can. One thing I 
> have found is that when I provide my account with SuperUser access 
> (after logging in as root account), I then log back in a day or two 
> later, and my super user access is gone. I've only just started 
> digging through configs and logs, but I have little idea where to 
> start, one thing I have found is this XML file - (See output below)
>
>
> <role oid="00000000-0000-0000-0000-000000000004"
>       xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
>     <name>Superuser</name>
>     <description>Role that gives user full authorization in MidPoint.</description>
>     <authorization>
>         <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#all</action>
>     </authorization>
>     <roleType>system</roleType>
> </role>
>
> It seems to me that the superuser is possibly hard coded, but I don't 
> know where that above link leads nor how to fix this,
>
> Any advice is MUCH appreciated!
>
> Cheers!
>
> Seth McCombs
> IT Operations Engineer
> +1 510.514.5855
> seth at sourceclear.com
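
Added example (not part of the original message and not midPoint's own code): because the reply says the role's name and OID are irrelevant and only the ...#all authorization action matters, this Python script scans exported role XML for any role that carries that action. The <objects> wrapper, the two sample roles other than Superuser, and the treatment of a <decision>deny</decision> authorization as non-granting are assumptions of this example.

```python
import xml.etree.ElementTree as ET

C = "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
ALL = "http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#all"
NS = {"c": C}

# Constructed sample export; only the Superuser role comes from the thread.
SAMPLE = f"""<objects xmlns="{C}">
  <role oid="00000000-0000-0000-0000-000000000004">
    <name>Superuser</name>
    <authorization><action>{ALL}</action></authorization>
  </role>
  <role oid="11111111-2222-3333-4444-555555555555">
    <name>Helpdesk Tier 3</name>
    <authorization>
      <action>
        {ALL}
      </action>
    </authorization>
  </role>
  <role oid="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee">
    <name>Lockdown</name>
    <authorization><decision>deny</decision><action>{ALL}</action></authorization>
  </role>
</objects>"""


def roles_granting_all(xml_text):
    """Return (oid, name) for every role with an allow authorization for #all."""
    hits = []
    # iter() also matches the root, so a file holding a single <role> works too.
    for role in ET.fromstring(xml_text).iter(f"{{{C}}}role"):
        for authz in role.findall("c:authorization", NS):
            actions = {(a.text or "").strip() for a in authz.findall("c:action", NS)}
            # Assumption: an absent <decision> means allow; deny grants nothing.
            decision = (authz.findtext("c:decision", "allow", NS) or "allow").strip()
            if ALL in actions and decision == "allow":
                hits.append((role.get("oid"), role.findtext("c:name", "", NS).strip()))
                break  # one hit per role is enough
    return hits


if __name__ == "__main__":
    for oid, name in roles_granting_all(SAMPLE):
        print(f"full-access role: {name} ({oid})")
```

The match is on the action URI alone, so a role named "Helpdesk Tier 3" with an arbitrary OID is reported alongside Superuser.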
