[midPoint] Question regarding merging of collections in roleCatalog in accessRequest GUI

Sven Feyerabend Sven.Feyerabend at stuvus.uni-stuttgart.de
Sat Aug 3 20:51:26 CEST 2024 

Hello everyone,

I'm currently trying to add some functionality to our accessRequest setup:

I want to display different catalogs of roles based on the role/org 
membership of a user.
The scenario I have in mind enables a user that is a member of a 
specific org to request access to (some) roles in that org. The object 
collection for that is simple, but if I configure the roleCatalog 
through the adminGuiConfiguration attribute and assign the role to a 
user, the collections defined through different roles are not merged but 
replaced.

So I have a setup where a user is able to see some roles in the access 
request GUI configured through a role. But as soon as they are a member 
of two roles defining different collections for the roleCatalog only one 
configuration takes effect.

This is the setup:

Role 1:

             <roleCatalog>
[...]
                 <collection>
                     <identifier>Example1</identifier>
                     <collectionRef oid="XXXXXX" 
type="ObjectCollectionType"/>
                     <default>true</default>
                 </collection>
             </roleCatalog>

This is visible and works as long as the user is not a member of a 
second Role defining the same option for a different collection:

Role 2:

             <roleCatalog>
[...]
                 <collection>
                     <identifier>Example2</identifier>
                     <collectionRef oid="XXXXX" 
type="ObjectCollectionType"/>
                 </collection>
             </roleCatalog>

Intuitively, I would have expected the setting to be merged (it works 
for the rest of the settings in adminGuiConfiguration after all), but 
that doesn't seem to be the case.
I also didn't find much in the documentation about this, so any help 
would be greatly appreciated.

Thanks in advance and kind regards,

Sven

-- 
Sven Feyerabend
Referent für IT-Betreuung
stuvus – Studierendenvertretung Universität Stuttgart
Pfaffenwaldring 5c
70569 Stuttgart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20240803/7de376e0/attachment.htm>

More information about the midPoint mailing list