[midPoint] AuthZ object owner
Yakov Revyakin
yrevyakin at gmail.com
Thu Apr 27 09:42:39 CEST 2023
After some additional research I understood that the owner feature works -
I can see the right shadows under user projections.
I still can't see the list of accounts under resource/accounts.
Also I tried to extend actions with "http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#search".
In the documentation for the owner feature I can see the following:
*LIMITATION: for search pre-processing this option is supported in a very
limited way (only for TaskType.ownerRef and only for "self" owners).*
How is this statement relevant to my case?
On Thu, 27 Apr 2023 at 10:21, Yakov Revyakin <yrevyakin at gmail.com> wrote:
> Hi,
> I'd like to filter shadows whose owners belong to the actor's tenant. As I
> can see, the owner option doesn't work as expected and always results in an
> empty shadow list.
> Probably someone knows how to filter shadows by owners?
>
> <authorization>
>     <name>Model Shadow</name>
>     <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
>     <object>
>         <type>ShadowType</type>
>         <owner>
>             <type>UserType</type>
>             <filter>
>                 <q:ref>
>                     <q:path>c:tenantRef</q:path>
>                     <expression>
>                         <script>
>                             <code>
>                                 return [actor.getTenantRef().clone()]
>                             </code>
>                         </script>
>                     </expression>
>                 </q:ref>
>             </filter>
>         </owner>
>     </object>
> </authorization>