[midPoint] Displaying the “edit” Org button in the OrgTree page with authorizations
Frédéric Lohier
frederic at lohier.org
Thu Jul 18 09:46:36 CEST 2019
Hello,
I found my mistake. I confused <target> (which is only useful for
assignment authorization, if I understood correctly) and <object>.
I replaced <target> by <object> in my authorization and it works as
intended.
-Frederic
On Sat, Jul 13, 2019, 00:07 Frédéric Lohier <frederic at lohier.org> wrote:
> Hello,
>
>
> I am setting up some roles with authorizations. In my example below, I
> want to specify the list of items displayed in the GUI and specify some of
> them as read only depending on the time the user is assigned to.
>
> The problem is that with these authorizations, the user assigned to this
> role *cannot see the "edit" link in the contextual menu* (small cog) of
> organizations in the Organization tree view/page. If I add the adminOrgMove
> authorization, the "move" appears, but I could not find the equivalent for
> the "edit" button.
>
> Any suggestions of what I am missing?
>
> some_role.xml :
>
> <authorization>
>   <name>GUI authorizations</name>
>   <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll</action>
>   <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#home</action>
>   <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgStruct</action>
>   <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTree</action>
>   <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnit</action>
>   <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnitHistory</action>
>   <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminOrgMove</action>
>   <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#myWorkItems</action>
>   <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#claimableWorkItems</action>
> </authorization>
>
> <authorization>
>   <name>Organization add authorization</name>
>   <target>
>     <type>OrgType</type>
>   </target>
>   <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add</action>
> </authorization>
>
> <authorization>
>   <name>Organization items read authorizations</name>
>   <target>
>     <type>OrgType</type>
>   </target>
>   <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
>   <item>name</item>
>   <item>description</item>
>   <item>displayName</item>
>   <item>emailAddress</item>
>   <item>telephoneNumber</item>
>   <item>jpegPhoto</item>
>   <item>identifier</item>
>   <item>mailDomain</item>
>   <item>displayOrder</item>
>   <item>locale</item>
>   <item>preferredLanguage</item>
>   <item>locality</item>
>   <item>lifecycleState</item>
> </authorization>
>
> <authorization>
>   <name>Organization items modify authorizations</name>
>   <target>
>     <type>OrgType</type>
>   </target>
>   <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action>
>   <item>name</item>
>   <item>description</item>
>   <item>displayName</item>
>   <item>emailAddress</item>
>   <item>telephoneNumber</item>
>   <item>jpegPhoto</item>
> </authorization>
>
> <authorization>
>   <name>Organization items get and search authorizations</name>
>   <target>
>     <type>OrgType</type>
>   </target>
>   <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#get</action>
>   <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#search</action>
> </authorization>
>
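
The check below is an added example, not part of the original thread and not midPoint code: it scans a role definition for the mistake described in the reply, an authorization that scopes non-assignment actions with <target> and has no <object>. The function names, the sample role and the choice of #assign/#unassign as the actions where <target> applies are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

MODEL = "http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#"
# Assumption for this example: <target> is only meaningful for these actions.
TARGET_ACTIONS = {MODEL + "assign", MODEL + "unassign"}

def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def find_misplaced_targets(role_xml):
    """Return the names of authorizations that carry <target> but no <object>
    while granting at least one action outside TARGET_ACTIONS."""
    findings = []
    for auth in ET.fromstring(role_xml).iter():
        if local(auth.tag) != "authorization":
            continue
        kids = {local(c.tag) for c in auth}
        actions = {(c.text or "").strip() for c in auth if local(c.tag) == "action"}
        names = [(c.text or "").strip() for c in auth if local(c.tag) == "name"]
        if "target" in kids and "object" not in kids and actions - TARGET_ACTIONS:
            findings.append(names[0] if names else "(unnamed)")
    return findings

# Constructed sample: one authorization as posted (<target>), one corrected
# as the reply describes (<object>), and one hypothetical assignment rule.
SAMPLE_ROLE = """<role>
  <authorization>
    <name>Organization items modify authorizations</name>
    <target><type>OrgType</type></target>
    <action>
      {m}modify
    </action>
    <item>name</item>
  </authorization>
  <authorization>
    <name>Organization items read authorizations</name>
    <object><type>OrgType</type></object>
    <action>{m}read</action>
    <item>name</item>
  </authorization>
  <authorization>
    <name>Organization assign authorization</name>
    <target><type>OrgType</type></target>
    <action>{m}assign</action>
  </authorization>
</role>""".format(m=MODEL)

if __name__ == "__main__":
    for name in find_misplaced_targets(SAMPLE_ROLE):
        print("uses <target> without <object>:", name)
```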