[midPoint] [External] ERROR "Undeclared namespace prefix 'org' in 'org:manager'" when importing a new role
philippebriffod at laposte.net
Thu Nov 30 10:17:18 CET 2023
Yes, it helps!
It was the issue and I got the point about the namespace.
Thanks
From: "Drew Roberts"
To: philippebriffod at laposte.net, "midPoint General Discussion"
Sent: Wednesday, 29 November 2023 17:42
Subject: Re: [External] [midPoint] ERROR "Undeclared namespace prefix 'org' in 'org:manager'" when importing a new role
Oops, forgot to end the OID with a quote. Correct code example would be:
<role oid="b613c706-3889-11e6-b175-d78cc67d7066" xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3">
Peace be with you.
On Wed, Nov 29, 2023 at 8:40 AM Drew Roberts <aroberts at apu.edu> wrote:
Hey Philippe,
When you declare a namespace you need to have something that tells the system where the namespace is. Since you have something like org:manager you need to declare what the org namespace is. You could add it to your first bit of code. Example:
<role oid="b613c706-3889-11e6-b175-d78cc67d7066 xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3">
Hope that helps!
On Wed, Nov 29, 2023 at 7:49 AM Philippe via midPoint <midpoint at lists.evolveum.com> wrote:
Hello,
I get this error message when I try to import a new role containing authorization (linked to the organization of the user).
The goal is to create an organizational manager role having the right to manage (CRUD) identities in the organizations he manages.
Do you have an idea of the issue?
Thanks
midPoint version: 4.8
<role oid="b613c706-3889-11e6-b175-d78cc67d7066">
  <name>ADMIN - Organizational Manager</name>
  <description>Allows full identity administration for organizations where the user is a manager.</description>
  <authorization>
    <name>gui-access</name>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#usersAll</action>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgAll</action>
  </authorization>
  <authorization>
    <name>autz-read</name>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
    <object>
      <orgRelation>
        <subjectRelation>org:manager</subjectRelation>
        <scope>allDescendants</scope>
        <includeReferenceOrg>true</includeReferenceOrg>
      </orgRelation>
    </object>
  </authorization>
  <authorization>
    <name>autz-write</name>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add</action>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete</action>
    <object>
      <orgRelation>
        <subjectRelation>org:manager</subjectRelation>
      </orgRelation>
    </object>
  </authorization>
  <authorization>
    <name>autz-shadow</name>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add</action>
    <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete</action>
    <object>
      <type>ShadowType</type>
      <owner>
        <orgRelation>
          <subjectRelation>org:manager</subjectRelation>
        </orgRelation>
      </owner>
    </object>
  </authorization>
  <subtype>application</subtype>
</role>
--
Drew Roberts | Systems Administrator II
IT Platform Engineering, Azusa Pacific University
apu.edu
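Added example, not part of the original thread or of midPoint: a pre-import check for the mistake discussed above. A generic XML parser accepts the role as posted, because a prefix used inside element text (org:manager) is not checked for well-formedness; the error only appears when the value is resolved as a QName. The function name, the QNAME_ELEMENTS set and the trimmed role samples are assumptions constructed for this illustration.

```python
import io
import re
import xml.etree.ElementTree as ET

# Assumption: elements whose text is a QName. Only subjectRelation comes from the thread.
QNAME_ELEMENTS = {"subjectRelation"}
PREFIXED = re.compile(r"^([A-Za-z_][\w.-]*):[A-Za-z_][\w.-]*$")

def undeclared_prefixes(xml_text, qname_elements=QNAME_ELEMENTS):
    """Return (element, value) pairs whose QName prefix has no xmlns declaration in scope."""
    scope = []      # prefixes declared by the elements that are currently open
    findings = []
    source = io.BytesIO(xml_text.encode("utf-8"))
    for event, payload in ET.iterparse(source, events=("start-ns", "end-ns", "end")):
        if event == "start-ns":
            scope.append(payload[0])        # payload is (prefix, uri)
        elif event == "end-ns":
            scope.pop()                     # declaring element has been closed
        else:
            local = payload.tag.rpartition("}")[2]
            match = PREFIXED.match((payload.text or "").strip())
            if local in qname_elements and match and match.group(1) not in scope:
                findings.append((local, match.group(0)))
    return findings

# Constructed sample: the role from the thread, trimmed to one authorization.
BROKEN = """<role oid="b613c706-3889-11e6-b175-d78cc67d7066">
  <authorization>
    <name>autz-read</name>
    <object><orgRelation>
      <subjectRelation>org:manager</subjectRelation>
    </orgRelation></object>
  </authorization>
</role>"""

# Same role with the declaration from the reply added to the root element.
FIXED = BROKEN.replace(
    '">', '" xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3">', 1)

if __name__ == "__main__":
    for label, doc in (("as posted", BROKEN), ("with xmlns:org", FIXED)):
        print(label, undeclared_prefixes(doc))
```

The check follows declaration scope, so an xmlns:org placed on one authorization element does not cover a subjectRelation in a sibling authorization.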