<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi Petr,<br>
<br>
I can't see #add operation authorization for UserType. Only #modify
(and #read). But as you seem to allow only creation of Users in some
organization (by reference), it's possible that you will need some
more things later.<br>
<br>
Please try to add #add authorization to be able to create users.<br>
<br>
Regards,<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 08/03/2015 01:46 PM, Petr Gašparík
wrote:<br>
</div>
<blockquote
cite="mid:CAFmDq44-mkz93Woz0evpmcrkUaT1PEDhxCdq8f0Shz-ofd_jVA@mail.gmail.com"
type="cite">
<div dir="ltr">Thank you, Ivan, this is for 3.1.1 ... I can see
users and their attributes, but I can't create new one - see
below.
<div><br>
</div>
<img alt="Clip398.png" class="kr" style="max-width: 100%;
opacity: 1;" src="cid:part1.03080601.04050909@evolveum.com">
<div><br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">po 3. 8. 2015 v 8:36 odesílatel Ivan Noris <<a
moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com">ivan.noris@evolveum.com</a>>
napsal:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"> Hi Petr,<br>
<br>
please check the <b>GUI</b> authorization namespaces,
there was a change for the upcoming 3.2.<br>
<br>
e.g. <a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization</a><b>-ui</b>-3#dashboard<br>
<br>
The End User and Superuser role are already modified in
XML files, not sure about the documentation...<br>
<br>
Please try.<br>
Regards,<br>
Ivan</div>
<div text="#000000" bgcolor="#FFFFFF"><br>
<br>
<div>On 07/31/2015 05:24 PM, Petr Gašparík wrote:<br>
</div>
</div>
<div text="#000000" bgcolor="#FFFFFF">
<blockquote type="cite">
<div dir="ltr">Hi,
<div>I tried to setup delegated administrator for
organization (user management + workflow tasks) and
ended with role like below. This, assigned to user,
does not allow him to see attributes when creating
user, thus admin can't enter values into them (name,
for example). </div>
<div><br>
</div>
<div>What am I missing? Is there example for delegated
administrator? (I checked web and git already)</div>
<div><br>
</div>
<div>regards</div>
<div>Petr G.</div>
<div><br>
</div>
<div>-------------------------------------------</div>
<div><br>
</div>
<div>
<div><role xmlns="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"</div>
<div> xmlns:icfs="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3</a>"</div>
<div> xmlns:t="<a moz-do-not-send="true"
href="http://prism.evolveum.com/xml/ns/public/types-3"
target="_blank">http://prism.evolveum.com/xml/ns/public/types-3</a>"</div>
<div> xmlns:c="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"</div>
<div> xmlns:q="<a moz-do-not-send="true"
href="http://prism.evolveum.com/xml/ns/public/query-3"
target="_blank">http://prism.evolveum.com/xml/ns/public/query-3</a>"</div>
<div> xmlns:ri="<a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>"</div>
<div> oid="delegatedAdmin"</div>
<div> version="23"></div>
<div> <name>Delegated
administrator</name></div>
<div> <activation><br>
</div>
<div>
<effectiveStatus>enabled</effectiveStatus></div>
<div> </activation></div>
<div> <iteration>0</iteration></div>
<div> <iterationToken/></div>
<div> <authorization id="1"></div>
<div> <action><a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</a></action></div>
<div> <action><a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</a></action></div>
<div> <object></div>
<div> <type>OrgType</type></div>
<div> </object></div>
<div> <object></div>
<div> <type>ResourceType</type></div>
<div> </object></div>
<div> <object></div>
<div> <type>RoleType</type></div>
<div> </object></div>
<div> <object></div>
<div> <type>ShadowType</type></div>
<div> </object></div>
<div> <object></div>
<div> <type>UserType</type></div>
<div> <orgRef xmlns:tns="<a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"</div>
<div>
oid="3404b331-57c0-4bef-b699-0192ce8d728b"</div>
<div>
type="tns:OrgType"></orgRef></div>
<div> </object></div>
<div> </authorization></div>
<div> <authorization id="2"></div>
<div> <action><a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#dashboard"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#dashboard</a></action></div>
<div> <action><a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#myPasswords"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#myPasswords</a></action></div>
<div> <action><a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#users"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#users</a></action></div>
<div> <action><a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#userDetails"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#userDetails</a></action></div>
<div> <action><a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#findUsers"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#findUsers</a></action></div>
<div> <action><a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#orgTree"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#orgTree</a></action></div>
<div> <action><a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItems"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItems</a></action></div>
<div> <action><a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItem"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItem</a></action></div>
<div> <action><a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItemsMyRequests"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItemsMyRequests</a></action></div>
<div> <action><a moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItemsProcessInstance"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-3#workItemsProcessInstance</a></action></div>
<div> </authorization></div>
<div></role></div>
</div>
</div>
<div dir="ltr">-- <br>
</div>
<div dir="ltr">--
<div>Petr G.</div>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote>
</div>
<div text="#000000" bgcolor="#FFFFFF">
<blockquote type="cite">
<pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a> <a moz-do-not-send="true" href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote>
</div>
</div>
<div dir="ltr">-- <br>
</div>
<div dir="ltr">--
<div>Petr G.</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</body>
</html>