<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi Aivo,</p>
<p>just a wild guess (I remember something similar in the past): can
you add also <item>linkRef</item> ?</p>
<p>Ivan<br>
</p>
<br>
<div class="moz-cite-prefix">On 09/27/2016 04:04 PM, Aivo Kuhlberg
wrote:<br>
</div>
<blockquote cite="mid:1474985084343.65243@rmit.ee" type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css" style="display:none"><!--P{margin-top:0;margin-bottom:0;} --></style>
<p>Hi,<br>
</p>
<p>I want to give end users access to list users inside their
organization. For that purpose I created a simple role with
following authorizations:<br>
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);"> <authorization id="1"></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);"> <name>GUI authorizations</name></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);">
<action><a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#users">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#users</a></action></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);">
<action><a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#userDetails">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#userDetails</a></action></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);"> </authorization></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<br style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);"> <authorization id="2"></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);"> <name>users-read</name></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);"> <description></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);"> Allow to read basic user properties to be
able to display requestor details in the</span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);"> approval forms.</span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);"> </description></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);">
<action><a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</a></action></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);"> <object></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);"> <type>UserType</type></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);"> <filter></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);"> <q:equal></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);">
<q:path>organization</q:path></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);">
<q:value>70001000</q:value></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);"> </q:equal></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);"> </filter></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);"> </object></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);"> <c:item>name</c:item></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);"> <c:item>givenName</c:item></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);"> <c:item>familyName</c:item></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);"> <c:item>fullName</c:item></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);"> <c:item>employeeType</c:item></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);"> <c:item>emailAddress</c:item></span></span><br
style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);">
<span style="font-family: Consolas,monospace; font-size: 10pt;
color: rgb(0, 111, 201);"><span style="color: rgb(0, 111,
201);"> </authorization></span></span><br>
<br>
When assigning this role to user there appears menu item "Users"
and under that command "List users". But when I click on that
then the long list of errors appears in log - one error for each
user who's data the current user cannot access:<br>
<br>
<span style="color: rgb(255, 0, 0);">2016-09-27 16:52:16,227 []
[http-nio-8084-exec-3] ERROR
(com.evolveum.midpoint.model.impl.controller.SchemaTransformer):
Error post-processing object
user:c0466a98-f249-45ac-8cfa-07dd85edf05d(null): Access denied</span><br>
<br>
And the listing shows "null (FATAL_ERROR)" for each inaccessible
user. Is there a way how to avoid this kind of errors?<br>
</p>
<p><br>
</p>
<p>Regards,</p>
<p>Aivo Kuhlberg<br>
</p>
<div id="Signature">
<div name="divtagdefaultwrapper"
style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:; margin:0">
<div style="font-family:Tahoma; font-size:13px">
<div style="font-family:Tahoma; font-size:13px">
</div>
</div>
</div>
</div>
<br>
<hr>
<font color="Gray" face="Arial" size="2">Käesolev e-kiri võib
sisaldada asutusesiseseks kasutamiseks tunnistatud teavet.<br>
This e-mail may contain information which is classified for
official use.</font>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
</body>
</html>