<div dir="ltr">You need model authorization too.<div><br></div><div><div><authorization></div><div>  <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read" class="external-link" rel="nofollow" style="color:rgb(50,108,166);text-decoration:none;font-family:arial,sans-serif;font-size:14px">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</a></action></div><div>  <object></div><div>    <type>UserType</type></div><div>  </object></div><div></authorization></div></div><div><br></div><div>see more in <a href="https://wiki.evolveum.com/display/midPoint/Authorization+Configuration#AuthorizationConfiguration-">https://wiki.evolveum.com/display/midPoint/Authorization+Configuration#AuthorizationConfiguration-</a>"Core"Authorizations</div></div><div class="gmail_extra"><br><div class="gmail_quote">2017-02-23 15:16 GMT+01:00 Marco Benucci <span dir="ltr"><<a href="mailto:m.benucci@nsr.it" target="_blank">m.benucci@nsr.it</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  

    
  
  <div bgcolor="#FFFFFF" text="#000000">
    <p><font face="DejaVu Sans">Hi,</font></p>
    <p><font face="DejaVu Sans">I'm on midpoint 3.4.1 and I would like
        to create a role that grants to a user to list all other users<br>
        and see (only see, not modify) their Basic, Projection and
        Assignment tabs.<br>
        <br>
        I have assigned to this user the role "end user" and I created
        the role "Guest" with the<br>
        the authorization</font><br>
<a class="m_-3018174841391718746moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#users" target="_blank">http://midpoint.evolveum.com/<wbr>xml/ns/public/security/<wbr>authorization-ui-3#users</a><br>
      and<br>
      
      
<a class="m_-3018174841391718746moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#userDetails" target="_blank">http://midpoint.evolveum.com/<wbr>xml/ns/public/security/<wbr>authorization-ui-3#userDetails</a></p>
    <p>but this user can see only himself.<br>
      <br>
      PS: My other midpoint users do not have the "end user" role
      because they do not have to access on midPoint.<br>
      Is this the "problem"?<br>
      <br>
    </p>
    <p>Thank you<br>
    </p>
  </div>

<br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><table style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important"><tbody><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;width:160px;vertical-align:bottom;padding:0px;border:0px solid gray!important"><p><span style="font-size:14px;font-weight:bold">Oskar Butovič</span><br>solution architect<br><br>gsm: [+420] 774 480 101<br>e-mail: <a href="mailto:oskar.butovic@ami.cz" target="_blank">oskar.butovic@ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important">   </td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important">   </td><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;width:123px;border:0px solid gray!important"><p>AMI Praha a.s.<br>Pláničkova 11<br>162 00 Praha 6<br>tel.: [+420] 274 783 239<br>web: <a href="http://www.ami.cz/" target="_blank">www.ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important">   </td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important">   </td><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;margin:8px;border:0px solid gray!important;width:116px"><p><img src="http://www.ami.cz/images/podpis/ami_logo.gif" alt="AMI Praha a.s." style="border:0px"></p></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="7" style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;width:480px;border:0px solid gray!important"><br><a href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management" target="_blank"><img src="http://www.ami.cz/images/podpis/AMI-podpis-IdM_1.png" alt="AMI Praha a.s." style="border:0px;width:480px!important;height:82px!important"></a></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="7" style="color:rgb(128,128,128);font-family:Arial,sans-serif;font-size:11px;padding:0px;border:0px solid gray!important"><br>Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za společnost AMI Praha a.s.<br>jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně písemnou formu.<br><br></td></tr></tbody></table></div></div></div></div></div></div></div>
</div>