[midPoint] Authorization linked to creatorRef
philippebriffod at laposte.net
Thu Feb 6 09:04:22 CET 2025
Hello,
I am trying to implement an authorization to allow users to modify or delete only the objects they have created. They should also be able to define other owners (using an assignment with the 'owner' relation).
To filter on creatorRef, I tried many things like the following, but without success:
<object id="156">
    <type>RoleType</type>
    <filter>
        <q:equal>
            <q:path>metadata/creatorRef</q:path>
            <q:value>
                <q:reference>
                    <q:variable>self</q:variable>
                </q:reference>
            </q:value>
        </q:equal>
    </filter>
</object>
Is it possible to implement this?
Thanks in advance for your help.