[midPoint] panel visibility

Keith Hazelton hazelton at internet2.edu
Thu Jul 3 17:13:40 CEST 2025 

Thank you for the suggestion. If you don't get another response by then, I'll bring this up on a call we have with Evolveum on Tuesday, July 8

        --Keith
________________________________
From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Markus Calmius via midPoint <midpoint at lists.evolveum.com>
Sent: Thursday, July 3, 2025 6:20 AM
To: midpoint at lists.evolveum.com <midpoint at lists.evolveum.com>
Cc: Markus Calmius <markus.calmius at proton.ch>
Subject: Re: [midPoint] panel visibility

Hi Ivan,

Certainly! Here's a more professional and balanced rephrasing of your message:

---

Thank you for your response.

In that case, I believe the documentation may need some clarification. Currently, it states:

<xsd:documentation>
    The element will not be visible. Not even if the authorizations allow
    to see its content. But if any other role specifies the element as visible
    or automatic then it will be visible. This setting is easily overridden.
</xsd:documentation>

To me, this implies that a setting of `vacant` should be overridden if another role defines the element as `visible` or `automatic`. However, in practice, this doesn’t seem to be the case.
Especially since `automatic` is now the default value, it makes it a bit confusing.
It might be helpful to update the wording or provide further explanation to avoid confusion.

Kind regards,
Markus

On Thursday, 3 July 2025 at 12:00, midpoint-request at lists.evolveum.com <midpoint-request at lists.evolveum.com> wrote:

> Send midPoint mailing list submissions to
> midpoint at lists.evolveum.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.evolveum.com/mailman/listinfo/midpoint
> or, via email, send a message with subject or body 'help' to
> midpoint-request at lists.evolveum.com
>
> You can reach the person managing the list at
> midpoint-owner at lists.evolveum.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of midPoint digest..."
>
>
> Today's Topics:
>
> 1. panel visibility (Markus Calmius)
> 2. Re: panel visibility (Ivan Noris)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 03 Jul 2025 07:10:11 +0000
> From: Markus Calmius markus.calmius at proton.ch
>
> To: midPoint General Discussion midpoint at lists.evolveum.com
>
> Subject: [midPoint] panel visibility
> Message-ID:
> tHgZwByR0MS45paGBHeJn_YjowwSyWDrjCZzKdoE2rUVhZN9cv65o6gdZ0R-PPn4oXjjoVdmWXnIGjiX7PbEgwc-_enWz6UvMmodpXlE6Ss=@proton.ch
>
>
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
>
> Info: running MidPoint 4.8.5.
>
> Following up on my earlier message regarding delegations:
>
> I?d like to hide the Delegations and Delegated to Me panels for all standard users, but ensure they remain visible for users who have delegation rights.
>
> Based on the documentation, I assumed this could be achieved by setting:
>
> <visibility>vacant</visibility>
>
>
> in the role assigned to all users, and then overriding it with <visibility>automatic</visibility> or <visibility>visible</visibility> in the role granted to users with delegation rights. However, this doesn?t seem to have the intended effect.
>
>
> Additional context:
>
> -
>
> All users are assigned a basic access role
>
> -
>
> A subset of users also receive an authorised to approve and delegate role
>
> Currently, the Delegations panels are hidden for all users?even those who have the additional delegation role.
>
> Any guidance on how to resolve this would be appreciated.
>
> Thanks in advance,
>
> Markus
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.evolveum.com/pipermail/midpoint/attachments/20250703/1979a5d3/attachment-0001.htm
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 3 Jul 2025 09:50:40 +0200
> From: Ivan Noris ivan.noris at evolveum.com
>
> To: midpoint at lists.evolveum.com
> Subject: Re: [midPoint] panel visibility
> Message-ID: d256c4fb-70e1-4f2e-acb9-e8165c431929 at evolveum.com
>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> Hi Markus,
>
> I think you are hitting this:
>
> https://docs.evolveum.com/midpoint/reference/support-4.8/admin-gui/admin-gui-config/#how-it-works
>
> " If several roles specify conflicting values then the behavior is
> unpredictable. It is a responsibility of midPoint administrator to
> ensure the consistency."
>
> Last time I had this issue, I resorted to have two distinct roles, one
> for end user and other for admin users (in my case) conditionally
> induced from main end user role.
>
> Best regards,
>
> Ivan
>
> On 3. 7. 2025 9:10, Markus Calmius via midPoint wrote:
>
> > Hi,
> >
> > Info: running MidPoint 4.8.5.
> >
> > Following up on my earlier message regarding delegations:
> >
> > I?d like to hide the /Delegations/ and /Delegated to Me/ panels for
> > all standard users, but ensure they remain visible for users who have
> > delegation rights.
> >
> > Based on the documentation, I assumed this could be achieved by setting:
> >
> > |<visibility>vacant</visibility> |
> >
> > in the role assigned to all users, and then overriding it with
> > |<visibility>automatic</visibility>| or
> > |<visibility>visible</visibility>| in the role granted to users with
> > delegation rights. However, this doesn?t seem to have the intended effect.
> >
> > Additional context:
> >
> > *
> >
> > All users are assigned a basic access role
> >
> > *
> >
> > A subset of users also receive an authorised to approve and
> > delegate role
> >
> > Currently, the /Delegations/ panels are hidden for all users?even
> > those who have the additional delegation role.
> >
> > Any guidance on how to resolve this would be appreciated.
> >
> > Thanks in advance,
> >
> > Markus
> >
> > _______________________________________________
> > midPoint mailing list
> > midPoint at lists.evolveum.com
> > https://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
> Ivan Noris
> Expert Identity Engineer
> evolveum.com
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.evolveum.com/pipermail/midpoint/attachments/20250703/451c32e7/attachment-0001.htm
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> ------------------------------
>
> End of midPoint Digest, Vol 159, Issue 3
> ****************************************
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20250703/932c762b/attachment-0001.htm>

More information about the midPoint mailing list