<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p>Martin,</p>
    <p>I've played with your case for a while and it seems that <b><focusType>UserType</focusType></b>
      is the problem. After removing it, the authorizations are
      propagated correctly.<br>
    </p>
    <p>I'm not sure why this is so, as it should work, as far as I know. I
      suspect a bug at AssignmentEvaluator:682, but I'm not sure.<br>
    </p>
    <p>Maybe you could file a JIRA for this.<br>
    </p>
    <pre class="moz-signature" cols="72">Pavol Mederly
Software developer
evolveum.com
</pre>
    <div class="moz-cite-prefix">On 03.01.2017 19:10, Martin Marchese
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAG3rmdpaCK1vngOtMe4=cAFhmdTXrKKWB8OqVeMeOfOEfE8DVw@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div>Hi All,</div>
        <div><br>
        </div>
        <div>Within our MidPoint 3.5 deployment, we have created an Org
          Structure which induces a role to users.</div>
        <div><br>
        </div>
        <div>This role contains all kinds of authorizations for users
          (REST access, GUI access, etc.).</div>
        <div><br>
        </div>
        <div>Once the organization is assigned to a user, it gets the
          role assigned but not the authorizations. However, if we
          assign the role directly to the user, all the authorizations
          are assigned OK.</div>
        <div><br>
        </div>
        <div>I was wondering if there is not any kind of order for
          authorizations (as there is for inducements). Or anything that we
          might be missing in our objects?</div>
        <div><br>
        </div>
        <div>Below are examples of what our Org and Role look
          like:</div>
        <div><br>
        </div>
        <div><br>
        </div>
        <div>Org:</div>
        <div>-----</div>
        <div>
          <div><org oid="00000000-0000-1de4-0009-000000000001"></div>
          <div>   <name>MEGC</name></div>
          <div>...</div>
          <div>    <inducement id="6"></div>
          <div>      <targetRef
            oid="00000000-0000-1de4-0003-000000000001"
            type="RoleType"></targetRef></div>
          <div>      <orderConstraint></div>
          <div>        <orderMax>unbounded</orderMax></div>
          <div>      </orderConstraint></div>
          <div>      <focusType>UserType</focusType></div>
          <div>     </inducement></div>
          <div>...</div>
          <div></org></div>
        </div>
        <div><br>
        </div>
        <div>Role:</div>
        <div>-------</div>
        <div><br>
        </div>
        <div>
          <div><role oid="00000000-0000-1de4-0003-000000000001"<br>
          </div>
          <div>      xmlns:c="<a moz-do-not-send="true"
              href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>">
              <name>MidPoint Custom User</name></div>
          <div>  <roleType>APPLICATION</roleType></div>
          <div><span class="gmail-Apple-tab-span" style="white-space:pre">      </span><authorization></div>
          <div><span class="gmail-Apple-tab-span" style="white-space:pre">              </span><description>Permisos
            GUI</description></div>
          <div><span class="gmail-Apple-tab-span" style="white-space:pre">              </span><action><a
              moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfDashboard">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfDashboard</a></action></div>
          <div><span class="gmail-Apple-tab-span" style="white-space:pre">              </span><action><a
              moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfCredentials">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfCredentials</a></action></div>
          <div><span class="gmail-Apple-tab-span" style="white-space:pre">      </span></authorization></div>
          <div><span class="gmail-Apple-tab-span" style="white-space:pre">      </span>...</div>
          <div></role></div>
        </div>
        <div><br>
        </div>
        <div>Thanks in advance</div>
        <div><br>
        </div>
        <div>
          <div class="gmail_signature">
            <div dir="ltr">
              <div>
                <div dir="ltr">
                  <div>
                    <div dir="ltr">
                      <div>
                        <div dir="ltr">
                          <div>
                            <div dir="ltr"><b>Ing. Martín Marchese</b><br>
                              Identicum S.A.<br>
                              Jorge Newbery 3226<br>
                              Tel: +54 (11) 4552-3050<br>
                              <a moz-do-not-send="true"
                                href="mailto:mmarchese@identicum.com"
                                target="_blank">mmarchese@identicum.com</a><br>
                              <a moz-do-not-send="true"
                                href="http://www.identicum.com"
                                target="_blank">www.identicum.com</a></div>
                          </div>
                        </div>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
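    <p>Added example, not part of the original messages and not midPoint project code: a small audit that lists every inducement carrying a <code>focusType</code> element, the setting whose removal restored authorization propagation in the midPoint 3.5 case above. The function names, the second inducement and its OID are constructed for illustration; tags are matched by local name so the check works with or without the common-3 namespace.</p>

```python
# Audit midPoint object XML for inducements that carry <focusType>.
import xml.etree.ElementTree as ET

# Constructed sample modelled on the Org quoted in the thread; the second
# inducement (id 7) and its OID are made up to show a non-matching case.
SAMPLE_ORG = """\
<org xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
     oid="00000000-0000-1de4-0009-000000000001">
  <name>MEGC</name>
  <inducement id="6">
    <targetRef oid="00000000-0000-1de4-0003-000000000001" type="RoleType"/>
    <orderConstraint><orderMax>unbounded</orderMax></orderConstraint>
    <focusType>UserType</focusType>
  </inducement>
  <inducement id="7">
    <targetRef oid="00000000-0000-0000-0000-00000000abcd" type="RoleType"/>
  </inducement>
</org>
"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def child(elem, name):
    """First direct child with the given local name, or None."""
    return next((c for c in elem if local(c.tag) == name), None)

def find_focus_restricted_inducements(xml_text):
    """Return one dict per inducement that has a <focusType> child."""
    root = ET.fromstring(xml_text)
    name = child(root, "name")
    findings = []
    for ind in root.iter():
        focus = child(ind, "focusType")
        if local(ind.tag) != "inducement" or focus is None:
            continue
        target = child(ind, "targetRef")
        attrs = target.attrib if target is not None else {}
        findings.append({
            "object": name.text if name is not None else root.get("oid"),
            "inducement_id": ind.get("id"),
            "target_oid": attrs.get("oid"),
            "target_type": attrs.get("type"),
            "focus_type": (focus.text or "").strip(),
        })
    return findings

if __name__ == "__main__":
    for finding in find_focus_restricted_inducements(SAMPLE_ORG):
        print(finding)
```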
  </body>
</html>