[midPoint] AuthZ object owner
Yakov Revyakin
yrevyakin at gmail.com
Thu Apr 27 09:21:20 CEST 2023
Hi,
I'd like to filter shadows whose owners belong to the actor's tenant. As I
can see, the owner option doesn't work as expected and always results in an
empty shadow list.
Probably someone knows how to filter shadows by owners?
<authorization>
<name>Model Shadow</name>
<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
<object>
<type>ShadowType</type>
<owner>
<type>UserType</type>
<filter>
<q:ref>
<q:path>c:tenantRef</q:path>
<expression>
<script>
<code>
return [actor.getTenantRef().clone()]
</code>
</script>
</expression>
</q:ref>
</filter>
</owner>
</object>
</authorization>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20230427/1168f4c9/attachment.htm>
More information about the midPoint
mailing list