[midPoint] different authorization based on role
Markus Calmius
markus.calmius at proton.ch
Mon Jun 10 13:44:14 CEST 2024
Hi,
I'm trying to configure the gui depending on what role you have.
For now, I have three different roles:
- Normal User
- Approving User
- Delegating User
All these roles are based on the EndUser, Approver and Delegator roles, but are limited more.
Scenario is this:
- As an end-user you can only view a limited number of attributes and panels on the selfProfilePage.
- As an approver you should be able to see the basic information about the roles and users you are approving.
- As a delegator you should be able to delegate to other users with approving-capacity.
Starting with 1 and 3, I cannot (at least haven't found a way) remove/hide the delegations from the normal/end-user view and enable it if you have the delegator role.
i.e.
<panel>
    <identifier>userDelegations</identifier>
    <visibility>visible</visibility>
</panel>
<panel>
    <identifier>delegatedToMe</identifier>
    <visibility>visible</visibility>
</panel>
does nothing if the end-user role has hidden or vacancy. It will still be gone.
2 and 3:
If I want to limit the list shown when you click "add delegation" to check whether the user is a manager, this also impacts the users shown in "approval",
i.e. either I allow all users => delegations can be done to anyone or I limit to "is manager" and approvals will not show all users.
Is it possible to configure the authorizations like this?
If not, I have to figure out a different way. An easy work-around would be to let all users have "approval" rights, but... to limit would be better.
Thanks,
Markus