[midPoint] [External] ERROR "Undeclared namespace prefix 'org' in 'org:manager'" when importing a new role
Drew Roberts
aroberts at apu.edu
Wed Nov 29 17:40:56 CET 2023
Hey Philippe,
When you declare a namespace you need to have something that tells the
system where the namespace is. Since you have something like org:maanger
you need to declare what the org namespace is. You could add it to your
first bit of code. Example:
<role oid="b613c706-3889-11e6-b175-d78cc67d7066 xmlns:org="
http://midpoint.evolveum.com/xml/ns/public/common/org-3">
Hope that helps!
On Wed, Nov 29, 2023 at 7:49 AM Philippe via midPoint <
midpoint at lists.evolveum.com> wrote:
> Hello,
>
> I get this error message when I try to import a new role containing
> authorization (linked to the organization of the user)
> the goal is to create an organizational manager role having the right to
> manage (CRUD) identities in the organizations he manages
> Do you have an idea of the issue ?
>
> Thanks
>
>
> Midpoint version : 4.8
>
> <role oid="b613c706-3889-11e6-b175-d78cc67d7066">
> <name>ADMIN - Organizational Manager</name>
> <description>Allows full identity administration for organizations
> where the user is a manager.</description>
> <authorization>
> <name>gui-access</name>
> <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#usersAll
> </action>
> <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgAll
> </action>
> </authorization>
> <authorization>
> <name>autz-read</name>
> <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read
> </action>
> <object>
> <orgRelation>
> <subjectRelation>org:manager</subjectRelation>
> <scope>allDescendants</scope>
> <includeReferenceOrg>true</includeReferenceOrg>
> </orgRelation>
> </object>
> </authorization>
> <authorization>
> <name>autz-write</name>
> <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify
> </action>
> <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add
> </action>
> <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete
> </action>
> <object>
> <orgRelation>
> <subjectRelation>org:manager</subjectRelation>
> </orgRelation>
> </object>
> </authorization>
> <authorization>
> <name>autz-shadow</name>
> <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read
> </action>
> <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify
> </action>
> <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add
> </action>
> <action>
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete
> </action>
> <object>
> <type>ShadowType</type>
> <owner>
> <orgRelation>
> <subjectRelation>org:manager</subjectRelation>
> </orgRelation>
> </owner>
> </object>
> </authorization>
> <subtype>application</subtype>
> </role>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
--
Drew Roberts | Systems Administrator II
IT Platform Engineering, Azusa Pacific University
apu.edu
[image: APU logo]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20231129/6b125b46/attachment-0001.htm>
More information about the midPoint
mailing list