[midPoint] Access to own cases / work items
Ivan Noris
ivan.noris at evolveum.com
Thu Jan 23 09:52:57 CET 2020
Hi, Luca and Peter
Also, the following may be needed:
<authorization>
    <name>gui-self-service-access-own-request-lists-also-closed</name>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#casesView</action>
</authorization>
<authorization>
    <name>gui-self-service-access-own-request-details</name>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#case</action>
</authorization>
This is what we use in the Advanced training. (A custom End user role
also contains this.)
In general, if there is a problem with authorizations ending with 403,
adding tracing for the Security and Authorization loggers should display
what seems to be the problem - which UI authorization is missing (in
midpoint.log).
Best regards,
Ivan
On 23. 1. 2020 9:42, Peter Holes wrote:
> Hi Luca,
>
> I think that read authorization for CaseType should be enough.
> try something like this (put it into your EndUser role / Archetype):
> ##
> <authorization>
>     <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
>     <object>
>         <type>CaseType</type>
>     </object>
> </authorization>
> ##
>
> and then you can also manage the Tab visibility through objectForms
>
> ##
> <adminGuiConfiguration>
>     <objectForms>
>         <objectForm>
>             <type>c:CaseType</type>
>             <formSpecification>
>                 <panelUri>http://midpoint.evolveum.com/xml/ns/public/gui/component-3#caseTabOverviewApproval</panelUri>
>             </formSpecification>
>             <includeDefaultForms>true</includeDefaultForms>
>         </objectForm>
>     </objectForms>
> </adminGuiConfiguration>
>
> ##
>
> This works for me.
> Peter.
--
Ivan Noris
Senior Identity Engineer
evolveum.com