[midPoint] Hide unwanted roles in the user role assignment tab.

Yakov Revyakin yrevyakin at gmail.com
Tue May 16 11:09:19 CEST 2023


It means that you authorized a manager to search those roles. Look for
#search or #read authorization for RoleType. End-User role has appropriate
too broad authorizations. If you use this role you must write your own
custom role or change the End-User role.

On Tue, 16 May 2023 at 11:44, Sébastien MARBRIER via midPoint <
midpoint at lists.evolveum.com> wrote:

> Hello Yakov,
>
>
>
> Thank you very much for your help.
>
> Unfortunately, the roles with the requestable attribute set to true are
> still visible even with your suggestion.
>
> I am still looking at the documentation.
>
>
>
> Best regards
>
>
>
> Sébastien Marbrier
>
>
>
>
>
> *From:* Yakov Revyakin <yrevyakin at gmail.com>
> *Sent:* mardi, 16 mai 2023 10:05
> *To:* midPoint General Discussion <midpoint at lists.evolveum.com>
> *Cc:* Sébastien MARBRIER <smarbrier at positivethinking.tech>
> *Subject:* Re: [midPoint] Hide unwanted roles in the user role assignment
> tab.
>
>
>
> I was looking for an answer on how to limit the roles list a post before.
> You can find an explanation in the topic "Authorization role to allow read
> own managers".
>
> The main mistake is using "#read" authorization, which means "#get" +
> "#search". To limit a list you need to use "#search" for RoleType, I think.
>
>
>
>
>
> On Mon, 15 May 2023 at 18:35, Sébastien MARBRIER via midPoint <
> midpoint at lists.evolveum.com> wrote:
>
> Dear Community
>
>
>
> I have a role to assign and unassign a few roles to users.
>
>
>
> I did it this way to list the allowed roles:
>
> <authorization id="41">
>     <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#get</action>
>     <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
>     <object id="31">
>         <type>ObjectCollectionType</type>
>         <filter>
>             <q:inOid>
>                 <q:value>oidValue</q:value>
>             </q:inOid>
>         </filter>
>     </object>
> </authorization>
>
>
>
> And so on.
>
>
>
> Then, when the "manager" clicks on a user to add a role, the desired
> roles are available and it can perform the assign/unassign operation.
>
> The issue is that requestable roles are also listed even if the
> assign/unassign operation cannot be performed.
>
> In order to have a clean view, how can the unwanted roles be hidden?
>
>
>
> I also have another issue: the Preview Changes button does not work for my
> user manager. Do you know a way either to give the permission or simply to
> hide this button from the GUI?
>
> My midPoint version is 4.0.1.
>
>
>
> Best regards,
>
>
>
>
>
> *Sébastien Marbrier*  | Senior IT Consultant
> smarbrier at positivethinking.tech
>
> Tel. +41 21 601 81 00
>
>
> Avenue d'Ouchy 4 – CH 1006 Lausanne
> www.positivethinking.tech
>
>
>
>
>
> ------------------------------
>
> *Collaboration Betters the World and its subsidiaries and brands (Positive
> Thinking Company, Versett, AlisPharm, Otofacto, OneAston and SteepConsult)
> put security at a high priority in its conduct of business. Therefore, we
> have put our best efforts into ensuring that this email and its attached
> documents are error and virus-free. Nonetheless, full security of
> emails/documents cannot be ensured. Therefore, the recipient is responsible
> for checking the email/documents for threats with its own security
> measures, prior to opening it. Collaboration Betters the World does not
> accept liability for any damage inflicted by using the content of this
> email/documents. If you are not the intended recipient, please notify the
> sender and delete this email/document.*
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
>
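
Added example (not part of the original thread and not midPoint's own code): a small audit script for the check suggested in the reply above, i.e. finding authorizations that grant #search or #read (or #all) on roles with nothing narrowing the object set. The function names, the list of RoleType supertypes and the rule that any <object> child other than <type> counts as narrowing are assumptions of this example; the sample role is constructed.

```python
import xml.etree.ElementTree as ET

NS = "http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#"
LISTING = {NS + "read", NS + "search", NS + "all"}  # actions that can list objects
# Assumption: RoleType and its supertypes; an <object> of these types covers roles.
ROLE_TYPES = {"RoleType", "AbstractRoleType", "FocusType",
              "AssignmentHolderType", "ObjectType"}

def local(name):
    """Drop an XML namespace ('{ns}tag') or QName prefix ('c:RoleType')."""
    return name.rsplit("}", 1)[-1].rsplit(":", 1)[-1]

def children(elem, tag):
    return [c for c in elem if local(c.tag) == tag]

def broad_role_listing(xml_text):
    """Return ids of allow-authorizations that let the holder list roles
    with nothing in <object> (filter or other clause) narrowing the set."""
    flagged = []
    for auth in ET.fromstring(xml_text).iter():
        if local(auth.tag) != "authorization":
            continue
        if any((d.text or "").strip() == "deny" for d in children(auth, "decision")):
            continue
        actions = {(a.text or "").strip() for a in children(auth, "action")}
        if not actions & LISTING:
            continue
        objects = children(auth, "object")
        broad = not objects  # no <object> at all: applies to every object
        for obj in objects:
            types = {local((t.text or "").strip()) for t in children(obj, "type")}
            narrowed = any(local(c.tag) != "type" for c in obj)
            broad = broad or (bool(not types or types & ROLE_TYPES) and not narrowed)
        if broad:
            flagged.append(auth.get("id"))
    return flagged

# Constructed sample role (not from the thread); oidValue is the page's placeholder.
SAMPLE = f"""<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3">
  <authorization id="1"><action>{NS}read</action>
    <object><type>RoleType</type></object></authorization>
  <authorization id="2"><action>{NS}search</action>
    <object><type>RoleType</type>
      <filter><q:inOid><q:value>oidValue</q:value></q:inOid></filter>
    </object></authorization>
  <authorization id="3"><action>{NS}get</action>
    <object><type>RoleType</type></object></authorization>
</role>"""
```

Run broad_role_listing() over the exported XML of every role the manager holds, since one unfiltered authorization in any of them is enough to make all roles appear in the list.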