[midPoint] Question regarding merging of collections in roleCatalog in accessRequest GUI
Sven Feyerabend
Sven.Feyerabend at t-online.de
Sat Aug 3 20:49:03 CEST 2024
Hello everyone,
I'm currently trying to add some functionality to our accessRequest setup:
I want to display different catalogs of roles based on the role/org
membership of a user.
The scenario I have in mind enables a user that is a member of a
specific org to request access to (some) roles in that org. The object
collection for that is simple, but if I configure the roleCatalog
through the adminGuiConfiguration attribute and assign the role to a
user, the collections defined through different roles are not merged but
replaced.
So I have a setup where a user is able to see some roles in the access
request GUI configured through a role. But as soon as they are a member
of two roles defining different collections for the roleCatalog, only one
configuration takes effect.
This is the setup:
Role 1:
<roleCatalog>
    [...]
    <collection>
        <identifier>Example1</identifier>
        <collectionRef oid="XXXXXX" type="ObjectCollectionType"/>
        <default>true</default>
    </collection>
</roleCatalog>
This is visible and works as long as the user is not a member of a
second Role defining the same option for a different collection:
Role 2:
<roleCatalog>
    [...]
    <collection>
        <identifier>Example2</identifier>
        <collectionRef oid="XXXXX" type="ObjectCollectionType"/>
    </collection>
</roleCatalog>
Intuitively, I would have expected the setting to be merged (it works
for the rest of the settings in adminGuiConfiguration after all), but
that doesn't seem to be the case.
I also didn't find much in the documentation about this, so any help
would be greatly appreciated.
Thanks in advance and kind regards,
Sven