[midPoint] Authorization : can’t display the add or delete assignment button in the user assignment tab
Frédéric Lohier
frederic at lohier.org
Tue Jul 30 13:46:20 CEST 2019
Hi all,
I would like to authorize a user to assign or unassign roles to other users.
I thought it was a pretty straightforward authorization like:
<authorization>
    <name>User assignment authorizations</name>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#assign</action>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#unassign</action>
    <object>
        <type>UserType</type>
    </object>
    <target>
        <type>RoleType</type>
    </target>
</authorization>
But the “add” (+) and “delete” (-) buttons in the user’s assignment tab in
the user edit page are still not visible (see screenshot attached).
However, I can add a role member from the role member tab in the role edit
page.
During my tests, I authorized all GUI (
http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#all)
to remove the GUI authorizations from the equation, and I added all
authorization-model-3 authorizations found here (
https://github.com/Evolveum/midpoint/blob/support-3.9/model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelAuthorizationAction.java),
but these buttons are still not showing.
I looked at the security log trace but did not see any meaningful deny.
Is this a bug I should report in JIRA?
-Frederic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Midpoint-authorization-assign-unassign.png
Type: image/png
Size: 100317 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190730/f351212c/attachment.png>