<div dir="ltr">Hi Marco,<div><br></div><div>you started correctly with this wiki page:</div><div><a href="https://wiki.evolveum.com/display/midPoint/GUI+Authorizations">https://wiki.evolveum.com/display/midPoint/GUI+Authorizations</a></div><div>but you need also to read & apply this:</div><div><a href="https://wiki.evolveum.com/display/midPoint/Authorization+Configuration">https://wiki.evolveum.com/display/midPoint/Authorization+Configuration</a></div><div>if you have a problem, you can apply this:</div><div><a href="https://wiki.evolveum.com/display/midPoint/Troubleshooting+Authorizations">https://wiki.evolveum.com/display/midPoint/Troubleshooting+Authorizations</a></div><div>and if nothing helped, please reply again to this subject your complete actual role config and we try to help.<br><div class="gmail_extra"><br></div><div class="gmail_extra">> PS: My other midpoint users do not have the "end user" role because they do not have to access on midPoint.</div>Is this the "problem"?</div><div><br></div><div>no, it is OK.</div><div><br></div><div>Best regards,</div><div><br></div><div>Gustav<br><div class="gmail_extra"><br><div class="gmail_quote">2017-02-23 15:16 GMT+01:00 Marco Benucci <span dir="ltr"><<a href="mailto:m.benucci@nsr.it" target="_blank">m.benucci@nsr.it</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p><font face="DejaVu Sans">Hi,</font></p>
<p><font face="DejaVu Sans">I'm on midpoint 3.4.1 and I would like
to create a role that grants to a user to list all other users<br>
and see (only see, not modify) their Basic, Projection and
Assignment tabs.<br>
<br>
I have assigned to this user the role "end user" and I created
the role "Guest" with the<br>
the authorization</font><br>
<a class="gmail-m_897124953619928335moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#users" target="_blank">http://midpoint.evolveum.com/<wbr>xml/ns/public/security/<wbr>authorization-ui-3#users</a><br>
and<br>
<a class="gmail-m_897124953619928335moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#userDetails" target="_blank">http://midpoint.evolveum.com/<wbr>xml/ns/public/security/<wbr>authorization-ui-3#userDetails</a></p>
<p>but this user can see only himself.<br>
<br>
PS: My other midpoint users do not have the "end user" role
because they do not have to access on midPoint.<br>
Is this the "problem"?<br>
<br>
</p>
<p>Thank you<br>
</p>
</div>
<br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div>Gustáv Pálos</div><div>Identity Engineer</div><a href="http://evolveum.com/" rel="noreferrer" style="color:rgb(17,85,204);font-size:12.8px" target="_blank">evolveum.com</a><br></div></div>
</div></div></div>