[midPoint] Hide unwanted roles in the user role assignment tab.

Sébastien MARBRIER smarbrier at positivethinking.tech
Tue May 16 10:44:04 CEST 2023 

Hello Yakov,

Thank you very much for your help.
Unfortunately, the roles with the requestable attribute set to true are still visible even with your suggestion.
I am still looking at the documentation.

Best regards

Sébastien Marbrier


From: Yakov Revyakin <yrevyakin at gmail.com>
Sent: mardi, 16 mai 2023 10:05
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Cc: Sébastien MARBRIER <smarbrier at positivethinking.tech>
Subject: Re: [midPoint] Hide unwanted roles in the user role assignment tab.

I was looking for an answer how to limit roles list a post before. You can find explanation in the topic "Authorization role to allow read own managers"
Main mistake is using "#read" authorization which means "#get" + "#search".
To limit a list you need to use "#search" for RoleType I think.


On Mon, 15 May 2023 at 18:35, Sébastien MARBRIER via midPoint <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>> wrote:
Dear Community

I have a role to assign and unassign a few roles to users.

I did it this way to list the allowed roles:
<authorization id="41">
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#get</action>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
        <object id="31">
            <type>ObjectCollectionType</type>
            <filter>
                <q:inOid>
                    <q:value>oidValue</q:value>
                </q:inOid>
            </filter>
        </object>
    </authorization>

And so on.

Then, when the “manager” clicks on a user to add a role, the  desired roles are available and it can perform the assign/unassign operation.
The issue is that requestable  roles are also listed even if the assign/unassign operation cannot be performed.
In order to have a clean view, how the unwanted roles can be hidden ?

I also have another issue, the Preview Changes button does not work for my user manager, do you know a way either to give the permission or simply to hide this button from the GUI ?
My midpoint version is a 4.0.1

Best regards,


[logo]<https://www.positivethinking.tech/>

Sébastien Marbrier  | Senior IT Consultant
smarbrier at positivethinking.tech<mailto:smarbrier at positivethinking.tech>

Tel. +41 21 601 81 00<tel:+41%2021%20601%2081%2000>

[Teams chat]<https://teams.microsoft.com/l/chat/0/0?users=smarbrier@positivethinking.tech>
 <https://teams.microsoft.com/l/chat/0/0?users=smarbrier@positivethinking.tech>
Chat with me on Teams<https://teams.microsoft.com/l/chat/0/0?users=smarbrier@positivethinking.tech>



[cid:image003.png at 01D987E3.53E283A0]<https://www.linkedin.com/company/the-positive-thinking-company/>  [cid:image004.png at 01D987E3.53E283A0] <https://www.instagram.com/positivethinkingcompany/>   [cid:image005.png at 01D987E3.53E283A0] <https://twitter.com/PTC_Tech>   [cid:image006.png at 01D987E3.53E283A0] <https://youtube.com/channel/UCfaImWa6r0IoZoUYLhbiF7w>
Avenue d'Ouchy 4 – CH 1006 Lausanne
www.positivethinking.tech<https://www.positivethinking.tech/>



________________________________
Collaboration Betters the World and its subsidiaries and brands (Positive Thinking Company, Versett, AlisPharm, Otofacto, OneAston and SteepConsult) put security at a high priority in its conduct of business. Therefore, we have put our best efforts into ensuring that this email and its attached documents are error and virus-free. Nonetheless, full security of emails/documents cannot be ensured. Therefore, the recipient is responsible for checking the email/documents for threats with its own security measures, prior to opening it. Collaboration Betters the World does not accept liability for any damage inflicted by using the content of this email/documents. If you are not the intended recipient, please notify the sender and delete this email/document.
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
https://lists.evolveum.com/mailman/listinfo/midpoint

________________________________
Collaboration Betters the World and its subsidiaries and brands (Positive Thinking Company, Versett, AlisPharm, Otofacto, OneAston and SteepConsult) put security at a high priority in its conduct of business. Therefore, we have put our best efforts into ensuring that this email and its attached documents are error and virus-free. Nonetheless, full security of emails/documents cannot be ensured. Therefore, the recipient is responsible for checking the email/documents for threats with its own security measures, prior to opening it. Collaboration Betters the World does not accept liability for any damage inflicted by using the content of this email/documents. If you are not the intended recipient, please notify the sender and delete this email/document.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20230516/0f95216b/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 7735 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20230516/0f95216b/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 686 bytes
Desc: image002.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20230516/0f95216b/attachment-0007.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 2337 bytes
Desc: image003.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20230516/0f95216b/attachment-0008.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 2756 bytes
Desc: image004.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20230516/0f95216b/attachment-0009.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 2358 bytes
Desc: image005.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20230516/0f95216b/attachment-0010.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.png
Type: image/png
Size: 2669 bytes
Desc: image006.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20230516/0f95216b/attachment-0011.png>

More information about the midPoint mailing list