[midPoint] Authorization restriction to some certain objects in Assignments window in User profile

Ivan Noris ivan.noris at evolveum.com
Mon Jul 9 21:08:54 CEST 2018


Hi Oleksandr,

Please see the referenced Jira issue, with an example, which I reported
earlier and which has been fixed in the meantime.

https://jira.evolveum.com/browse/MID-3615

Maybe you're only missing the q:matching element. Or the target, as
assign/unassign are target-aware.

Best regards,

Ivan


On 06.07.2018 13:54, Oleksandr Nekriach wrote:
> Hello,
> I am stuck. Is it possible to restrict access to certain objects
> only (e.g. roles with the Role- prefix only) in the Assignments window
> in the User profile?
> Something like this, but this example does not work.
>
>     <authorization>
>         <name>AssignGUI</name>
>         <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssign</action>
>         <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassign</action>
>         <description>Assign/unassign in admin GUI (role profile)</description>
>         <c:object>
>             <c:type>RoleType</c:type>
>         </c:object>
>         <filter>
>             <q:substring>
>                 <q:path>name</q:path>
>                 <q:value>Role-</q:value>
>                 <q:anchorStart>true</q:anchorStart>
>             </q:substring>
>         </filter>
>     </authorization>
>
> -- 
> Best regards,
>
> Oleksandr Nekriach | Identity and access management engineer

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com
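
One way the two hints in the reply above could be applied to the quoted authorization, as an added sketch that is not from the thread or from MID-3615: the name filter moves into a target selector and the substring clause gets a q:matching element. The UserType object selector and the polyStringOrig matching rule are assumptions, and the c: and q: prefixes are assumed to be bound as in the quoted snippet.

```xml
<authorization>
    <name>AssignGUI</name>
    <!-- Action URIs copied unchanged from the quoted question -->
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssign</action>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassign</action>
    <description>Assign/unassign in admin GUI, limited to roles named Role-*</description>

    <!-- Object: the thing that receives the assignment.
         UserType is an assumption, based on the question being about
         the Assignments window of the User profile. -->
    <c:object>
        <c:type>UserType</c:type>
    </c:object>

    <!-- Target: the thing being assigned. Assign/unassign are
         target-aware, so the restriction on role names belongs here
         rather than on the object. -->
    <c:target>
        <c:type>RoleType</c:type>
        <c:filter>
            <q:substring>
                <!-- name is a PolyString, so the comparison needs an
                     explicit matching rule. polyStringOrig (compare the
                     original, non-normalized form) is an assumption;
                     the thread does not say which rule to use. -->
                <q:matching>polyStringOrig</q:matching>
                <q:path>name</q:path>
                <q:value>Role-</q:value>
                <q:anchorStart>true</q:anchorStart>
            </q:substring>
        </c:filter>
    </c:target>
</authorization>
```

With a prefix filter like this, any role whose name starts with Role- becomes assignable by holders of the authorization, so the naming convention itself becomes part of the access boundary and role creation or renaming needs to be controlled accordingly.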
