<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><font face="DejaVu Sans">Ok, this actually what i was looking
for!<br>
<br>
Now, i have the current configuration in my guest Role:<br>
-----------<br>
</font><authorization id="1"><br>
<name>Guest</name><br>
<description><br>
grants read-only privileges on all users, their
projection and assignment<br>
</description><br>
<action><a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#users">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#users</a></action><br>
<action><a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#findUsers">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#findUsers</a></action><br>
<action><a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#userDetails">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#userDetails</a></action><br>
</authorization><br>
<authorization id="2"><br>
<action><a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</a></action><br>
<object><br>
<type>UserType</type><br>
</object><br>
</authorization><br>
<authorization id="3"><br>
<action><a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</a></action><br>
<object><br>
<type>ShadowType</type><br>
</object><br>
</authorization><br>
<font face="DejaVu Sans">-----------</font></p>
<p><font face="DejaVu Sans">Really really thank you!<br>
</font></p>
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 02/23/2017 03:27 PM, Pálos Gustáv
wrote:<br>
</div>
<blockquote
cite="mid:CAPXQVkfeYdMH=wDf8gP-7Ay3s6ZWJA3=JxW0hw0UWHufO2HF7Q@mail.gmail.com"
type="cite">
<div dir="ltr">Hi Marco,
<div><br>
</div>
<div>you started correctly with this wiki page:</div>
<div><a moz-do-not-send="true"
href="https://wiki.evolveum.com/display/midPoint/GUI+Authorizations">https://wiki.evolveum.com/display/midPoint/GUI+Authorizations</a></div>
<div>but you need also to read & apply this:</div>
<div><a moz-do-not-send="true"
href="https://wiki.evolveum.com/display/midPoint/Authorization+Configuration">https://wiki.evolveum.com/display/midPoint/Authorization+Configuration</a></div>
<div>if you have a problem, you can apply this:</div>
<div><a moz-do-not-send="true"
href="https://wiki.evolveum.com/display/midPoint/Troubleshooting+Authorizations">https://wiki.evolveum.com/display/midPoint/Troubleshooting+Authorizations</a></div>
<div>and if nothing helped, please reply again to this subject
your complete actual role config and we try to help.<br>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">> PS: My other midpoint users do
not have the "end user" role because they do not have to
access on midPoint.</div>
Is this the "problem"?</div>
<div><br>
</div>
<div>no, it is OK.</div>
<div><br>
</div>
<div>Best regards,</div>
<div><br>
</div>
<div>Gustav<br>
<div class="gmail_extra"><br>
<div class="gmail_quote">2017-02-23 15:16 GMT+01:00 Marco
Benucci <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:m.benucci@nsr.it" target="_blank">m.benucci@nsr.it</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p><font face="DejaVu Sans">Hi,</font></p>
<p><font face="DejaVu Sans">I'm on midpoint 3.4.1 and
I would like to create a role that grants to a
user to list all other users<br>
and see (only see, not modify) their Basic,
Projection and Assignment tabs.<br>
<br>
I have assigned to this user the role "end user"
and I created the role "Guest" with the<br>
the authorization</font><br>
<a moz-do-not-send="true"
class="gmail-m_897124953619928335moz-txt-link-freetext"
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#users"
target="_blank">http://midpoint.evolveum.com/<wbr>xml/ns/public/security/<wbr>authorization-ui-3#users</a><br>
and<br>
<a moz-do-not-send="true"
class="gmail-m_897124953619928335moz-txt-link-freetext"
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#userDetails"
target="_blank">http://midpoint.evolveum.com/<wbr>xml/ns/public/security/<wbr>authorization-ui-3#userDetails</a></p>
<p>but this user can see only himself.<br>
<br>
PS: My other midpoint users do not have the "end
user" role because they do not have to access on
midPoint.<br>
Is this the "problem"?<br>
<br>
</p>
<p>Thank you<br>
</p>
</div>
<br>
______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="gmail_signature">
<div dir="ltr">
<div>Gustáv Pálos</div>
<div>Identity Engineer</div>
<a moz-do-not-send="true" href="http://evolveum.com/"
rel="noreferrer"
style="color:rgb(17,85,204);font-size:12.8px"
target="_blank">evolveum.com</a><br>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</body>
</html>