<html><head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head><body bgcolor="#FFFFFF" text="#000000">Thank you Pavol,<br>
<br>
I'm sorry I haven't responded sooner. I've been working on other
projects, and other parts of midPoint. <br>
I've setup some "Services" and those are working great for what we
need. I'm hoping to start work on the delegated admin aspects soon.
Thanks for sending the URIs.<br>
Have a great day!<br>
Brad<br>
<br>
<span>On 2/5/18, 11:03 AM, Pavol Mederly wrote:</span><br>
<blockquote cite="mid:51796e58-2bc4-bbda-f449-86bed96a2a4e@evolveum.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p>Hello Brad,</p>
<p>looking at the source code I would say that correct URIs for
services are</p>
<ul>
<li>...#servicesAll</li>
<li>...#services</li>
<li>...#service</li>
</ul>
<p>(analogous to #rolesAll, #roles, #role). But please try if it
works as expected.</p>
<p>As for the conceptual question about using services instead of
roles: I think it might be a good idea, even if I haven't heard of
anyone doing that before. :) Please have a look at this page: <a
moz-do-not-send="true"
href="https://wiki.evolveum.com/display/midPoint/Roles%2C+Services+and+Orgs">https://wiki.evolveum.com/display/midPoint/Roles%2C+Services+and+Orgs</a>
(I think you maybe already did that.) <br>
</p>
<p>Technically, the main difference between RoleType, ServiceType,
and OrgType is that midPoint maintains a closure table for OrgType
objects in order to quickly answer queries like "is X a child of Y
(potentially via more intermediaries)?" Besides that, all of them
can carry inducements, authorizations, mappings, etc - as these
are defined in parent type called AbstractRoleType.</p>
<p>So, yes, maybe using services instead of roles might be a good
idea. Perhaps Radovan could comment on this as well after
returning from TIIME meeting.<br>
</p>
<pre class="moz-signature" cols="72">Pavol Mederly
Software developer
evolveum.com
</pre>
<div class="moz-cite-prefix">On 02.02.2018 1:14, Brad Firestone
wrote:<br>
</div>
<blockquote type="cite" cite="mid:5A73AD5E.5060809@gmail.com">Hello,
<br>
<br>
I am planning to make use of Services in place of Roles to grant
users access to a "service" that we provide. An example might be
"Email". If I understand correctly, it seems like this is a good
use of Services since I'm giving access to a service. If I used
Roles, I would probably assign the Role: Email User. Services
just seems more natural. If I'm not understanding Services
correctly, please let me know.
<br>
<br>
My other question is how to assign the correct authorizations for
a "delegated administrator" to be able to work with Services. On
the wiki page:
<br>
<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://wiki.evolveum.com/display/midPoint/GUI+Authorizations">https://wiki.evolveum.com/display/midPoint/GUI+Authorizations</a>
<br>
<br>
I find the list of all the actions including Org, Roles, and many
others. But I don't see "Services" anywhere in the list. So I'm
not sure how to grant authorization for the delegated
administrator to work with Services. If it's not possible without
giving "all" access, that's okay. I just want to know before I go
too far into setting up Services.
<br>
<br>
Thank you!
<br>
Brad
<br>
_______________________________________________
<br>
midPoint mailing list
<br>
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
<br></blockquote>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</body></html>