[midPoint] Authorization issue for items from an extension schema
Frédéric Lohier
frederic at lohier.org
Fri Jul 12 15:59:08 CEST 2019
Hello,
I have an authorization in a role to allow a list of specific items of the
User schema to be read by users who have this role assigned.
This works well for items in the standard User schema, but when I try to do
the same with items from an extension schema of UserType, it is not working.
For example, in my-role.xml file, I have the following authorization:
<role (…) xmlns:ext="http://my-user-extension/extension">
  <authorization>
    <name>Users item read authorizations</name>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
    <target>
      <type>UserType</type>
    </target>
    <item>customItem</item>
    <item>ext:customItem</item>
    <item>extension/customItem</item>
    <item>extension/ext:customItem</item>
    <item>$user/extension/customItem</item>
    <item>$user/extension/ext:customItem</item>
    <item>emailAddress</item>
  </authorization>
</role>
In the extension-user.xsd, I set the namespace for the extension and
declare my customItem like this:
<xsd:schema (…) targetNamespace="http://my-user-extension/extension"
            xmlns:tns="http://my-user-extension/extension">
  <xsd:complexType name="UserExtensionType">
    <xsd:annotation>
      <xsd:appinfo>
        <a:extension ref="c:UserType"/>
      </xsd:appinfo>
    </xsd:annotation>
    <xsd:sequence>
      <xsd:element name="customItem" minOccurs="0" maxOccurs="1" type="xsd:int">
        <xsd:annotation>
          <xsd:appinfo>
            <a:indexed>true</a:indexed>
            <a:displayName>My custom user item</a:displayName>
          </xsd:appinfo>
        </xsd:annotation>
      </xsd:element>
    </xsd:sequence>
  </xsd:complexType>
</xsd:schema>
Am I missing something?
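Added as a diagnostic for the question above (not from the post, and not midPoint's own code): the Python script below parses the role fragment and shows how each <item> path resolves against the xmlns:ext prefix declared on <role>, i.e. which paths end in a namespace-qualified step, which stay unqualified, and which begin with a $user variable step. The role XML is a constructed sample reconstructed from the post with the elided attributes of <role> left out; the EXT_NS constant is the extension namespace the post declares. The script only reports how the paths resolve as XML, it does not say which of the forms midPoint itself accepts.

```python
"""Resolve the <item> paths of a midPoint role authorization against the
namespace prefixes declared in scope.  Added diagnostic, not midPoint code."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from io import StringIO
from typing import Optional

# Namespace of the user extension schema declared in the post's extension-user.xsd.
EXT_NS = "http://my-user-extension/extension"

# Constructed sample: the role fragment from the post, with the elided
# attributes of <role> left out.  Only the xmlns:ext declaration matters here.
ROLE_XML = """<role xmlns:ext="http://my-user-extension/extension">
  <authorization>
    <name>Users item read authorizations</name>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
    <target>
      <type>UserType</type>
    </target>
    <item>customItem</item>
    <item>ext:customItem</item>
    <item>extension/customItem</item>
    <item>extension/ext:customItem</item>
    <item>$user/extension/customItem</item>
    <item>$user/extension/ext:customItem</item>
    <item>emailAddress</item>
  </authorization>
</role>
"""


@dataclass(frozen=True)
class Segment:
    """One step of an item path: 'ext:customItem' -> prefix 'ext', local 'customItem'."""
    local: str
    prefix: Optional[str] = None
    namespace: Optional[str] = None   # resolved URI, None when the step is unqualified
    variable: bool = False            # True for a leading '$user'-style step


def parse_item_path(path: str, ns_map: dict) -> list:
    """Split an item path on '/' and resolve each 'prefix:' against ns_map.

    Raises ValueError for an empty step or for a prefix that is not declared
    in scope, which an XML-aware consumer would reject as well.
    """
    segments = []
    for raw in path.strip().split("/"):
        if not raw:
            raise ValueError(f"empty step in item path {path!r}")
        variable = raw.startswith("$")
        name = raw[1:] if variable else raw
        prefix, _, local = name.rpartition(":")   # '' prefix when unqualified
        namespace = None
        if prefix:
            if prefix not in ns_map:
                raise ValueError(f"undeclared prefix {prefix!r} in item path {path!r}")
            namespace = ns_map[prefix]
        segments.append(Segment(local, prefix or None, namespace, variable))
    return segments


def collect_authorization_items(xml_text: str) -> list:
    """Return [(item text, [Segment, ...]), ...] for every <item> in the document.

    Prefixes are tracked per element scope via the 'start-ns' events, so a
    prefix declared on <role> is visible to the <item> elements below it.
    """
    pending, scope, found = {}, [{}], []
    for event, payload in ET.iterparse(StringIO(xml_text), events=("start-ns", "start", "end")):
        if event == "start-ns":
            prefix, uri = payload           # arrives just before the declaring element's 'start'
            pending[prefix] = uri
        elif event == "start":
            scope.append({**scope[-1], **pending})
            pending = {}
        else:                               # 'end': the element's own scope is on top of the stack
            elem = payload
            if elem.tag.rsplit("}", 1)[-1] == "item":
                text = (elem.text or "").strip()
                found.append((text, parse_item_path(text, scope[-1])))
            scope.pop()
    return found


def unqualified_items(xml_text: str) -> list:
    """Item paths whose final step carries no namespace after prefix resolution."""
    return [text for text, segs in collect_authorization_items(xml_text)
            if segs[-1].namespace is None]


def extension_qualified_items(xml_text: str, ns: str = EXT_NS) -> list:
    """Item paths whose final step resolved to the extension namespace."""
    return [text for text, segs in collect_authorization_items(xml_text)
            if segs[-1].namespace == ns]


if __name__ == "__main__":
    for text, segs in collect_authorization_items(ROLE_XML):
        steps = " / ".join(
            ("$" if s.variable else "") + (f"{{{s.namespace}}}" if s.namespace else "") + s.local
            for s in segs)
        print(f"{text:32} -> {steps}")
```

Running the script lists the seven item paths from the role side by side with their resolved steps: only the three paths that use the ext: prefix end in a step bound to the extension namespace, the other four end in a plain local name, and the two $user paths carry a variable as their first step. A prefix that is not declared on an enclosing element (for example a typo in the prefix) is reported as an error rather than silently passed through.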