[midPoint] Allow user request roles for other users
Alexandre Zia
alexandre.zia at ifood.com.br
Tue Sep 25 03:53:14 CEST 2018
What authorizations do I need to set up to allow a user to request roles for
other users?
Scenario:
- A user logs in to midPoint
- Adds roles to the shopping cart
- Clicks on "Target user" and selects other users
- Clicks on "Request"
If a normal user that has only the "End User" role tries to do this, they get an
error:
Could not save assignments. Reason:User ''XXXXXXX'' not authorized for
operation with assignment on
user:f8ad5b51-8da3-418a-b2f1-17ec923c2104(YYYYYY) with target
role:f972f8f9-3749-4683-84fd-993041f984c4(ZZZZZZZZ)
Is there any recommendation on how to do this?
Are there any related security issues?
All our roles have approvals associated, so we think this would not be an
issue.
Thanks
Alexandre