[midPoint] Displaying the “edit” Org button in the OrgTree page with authorizations

Frédéric Lohier frederic at lohier.org
Sat Jul 13 00:07:33 CEST 2019


Hello,


I am setting up some roles with authorizations. In my example below, I want
to specify the list of items displayed in the GUI and specify some of them
as read only depending on the time the user is assigned to.

The problem is that with these authorizations, the user assigned to this
role *cannot see the "edit" link in the contextual menu* (small cog) of
organizations in the Organization tree view/page. If I add the adminOrgMove
authorization, the "move" appears, but I could not find the equivalent for
the "edit" button.

Any suggestions of what I am missing?

some_role.xml:

    <authorization>
        <name>GUI authorizations</name>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll</action>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#home</action>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgStruct</action>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTree</action>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnit</action>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnitHistory</action>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminOrgMove</action>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#myWorkItems</action>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#claimableWorkItems</action>
    </authorization>

    <authorization>
        <name>Organization add authorization</name>
        <target>
            <type>OrgType</type>
        </target>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add</action>
    </authorization>

    <authorization>
        <name>Organization items read authorizations</name>
        <target>
            <type>OrgType</type>
        </target>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
        <item>name</item>
        <item>description</item>
        <item>displayName</item>
        <item>emailAddress</item>
        <item>telephoneNumber</item>
        <item>jpegPhoto</item>
        <item>identifier</item>
        <item>mailDomain</item>
        <item>displayOrder</item>
        <item>locale</item>
        <item>preferredLanguage</item>
        <item>locality</item>
        <item>lifecycleState</item>
    </authorization>

    <authorization>
        <name>Organization items modify authorizations</name>
        <target>
            <type>OrgType</type>
        </target>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action>
        <item>name</item>
        <item>description</item>
        <item>displayName</item>
        <item>emailAddress</item>
        <item>telephoneNumber</item>
        <item>jpegPhoto</item>
    </authorization>

    <authorization>
        <name>Organization items get and search authorizations</name>
        <target>
            <type>OrgType</type>
        </target>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#get</action>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#search</action>
    </authorization>
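
An added example, not part of the original post and not midPoint code: a static check that reads a role's `<authorization>` fragments and reports which OrgType items end up readable but not modifiable, which is the read-only split the role above is meant to produce. It assumes un-namespaced XML as posted, a wrapping `<role>` root, and allow-only authorizations; it does not reproduce midPoint's own evaluation.

```python
import xml.etree.ElementTree as ET

MODEL = "http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#"

# Constructed sample: three OrgType authorizations abridged from the post and
# wrapped in a <role> root, which the post does not show (assumption).
ROLE_XML = f"""<role>
  <authorization>
    <name>Organization items read authorizations</name>
    <target><type>OrgType</type></target>
    <action>
{MODEL}read
</action>
    <item>name</item><item>description</item><item>displayName</item>
    <item>identifier</item><item>lifecycleState</item>
  </authorization>
  <authorization>
    <name>Organization items modify authorizations</name>
    <target><type>OrgType</type></target>
    <action>{MODEL}modify</action>
    <item>name</item><item>description</item><item>displayName</item>
  </authorization>
  <authorization>
    <name>Organization add authorization</name>
    <target><type>OrgType</type></target>
    <action>{MODEL}add</action>
  </authorization>
</role>"""

def item_access(role_xml, object_type):
    """Map each model action (read, modify, add, ...) to the items it covers.
    An authorization without <item> is recorded as {"*"}: no item restriction."""
    access = {}
    for auth in ET.fromstring(role_xml).iter("authorization"):
        if object_type not in {t.text.strip() for t in auth.findall("target/type")}:
            continue
        items = {i.text.strip() for i in auth.findall("item")} or {"*"}
        for action in auth.findall("action"):
            uri = action.text.strip()  # action URIs in the post are line-wrapped
            if uri.startswith(MODEL):
                access.setdefault(uri[len(MODEL):], set()).update(items)
    return access

def read_only_items(role_xml, object_type="OrgType"):
    """Items the role can read but not modify on the given object type."""
    access = item_access(role_xml, object_type)
    modify = access.get("modify", set())
    if "*" in modify:  # an unrestricted modify leaves nothing read-only
        return []
    return sorted(access.get("read", set()) - modify)
```
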