<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi Oleksandr,</p>
<p>please see the referenced jira issue with example that I reported
earlier and was fixed meanwhile.</p>
<p><a class="moz-txt-link-freetext" href="https://jira.evolveum.com/browse/MID-3615">https://jira.evolveum.com/browse/MID-3615</a></p>
<p>Maybe you're only missing the q:matching element. Or target; as
assign/unassign are target-aware.<br>
</p>
<p>Best regards,</p>
<p>Ivan<br>
</p>
<br>
<div class="moz-cite-prefix">On 06.07.2018 13:54, Oleksandr Nekriach
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CANb693Q+8yontdEhBLum_9SniGeOEHZO2mJMMAazpOC=eGHvzw@mail.gmail.com">
<div dir="ltr">
<div>Hello, <br>
</div>
<div>I am stuck. Is it possible to restrict access to some
certain objects only (role with Role- prefix only e.g) in
Assignments window in User profile .</div>
<div>Something like this but this example does not work.<br>
</div>
<div><br>
</div>
<div> <authorization><br>
<name>AssignGUI</name><br>
<action><a
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssign"
moz-do-not-send="true">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssign</a></action><br>
<action><a
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassign"
moz-do-not-send="true">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassign</a></action><br>
<description>Assign/unassign in admin GUI (role
profile)</description><br>
<c:object><br>
<c:type>RoleType</c:type><br>
</c:object><br>
<filter><br>
<q:substring><br>
<q:path>name</q:path><br>
<q:value>Role-</q:value><br>
<q:anchorStart>true</q:anchorStart><br>
</q:substring><br>
</filter><br>
</authorization><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<br>
-- <br>
<div class="gmail_signature">
<div dir="ltr"><span style="color:rgb(76,76,76)">Best regards,
<br>
<br>
<img src="cid:part3.4C523F8C.4A5B8E13@evolveum.com"
class=""> <br>
<br>
Oleksandr Nekriach | Identity and access management
engineer <br>
<br>
Dynatech, <a
href="https://maps.google.com/?q=Mednieku+str.+4a,+Riga,+LV-1010,+Latvia&entry=gmail&source=g"
target="_blank" moz-do-not-send="true">Mednieku str. 4a,
Riga, LV-1010, Latvia</a> <br>
<br>
<div style="display:inline-block"><a
href="tel:+371%2025%20314%20685" value="+37125314685"
target="_blank" moz-do-not-send="true">+37125314685</a></div>
,
<div style="display:inline-block"><a
href="mailto:o.nekriach@dynatech.lv" target="_blank"
moz-do-not-send="true">o.nekriach@dynatech.lv</a></div>
|
<div style="display:inline-block"><a
href="http://www.dynatech.lv" target="_blank"
moz-do-not-send="true">www.dynatech.lv</a></div>
<br>
<br>
Stay connected: <br>
<div style="display:inline-block;margin:5px 5px 0px 0px"><a
href="https://www.facebook.com/DynatechLatvia/?ref=br_rs"
target="_blank" moz-do-not-send="true"><img
src="cid:part8.73ED72C8.B487CE7A@evolveum.com"
class=""></a></div>
<div style="display:inline-block;margin:5px 0px 0px"><a
href="https://www.linkedin.com/company-beta/17893047/"
target="_blank" moz-do-not-send="true"><img
src="cid:part10.50FAC2AF.B17B8C69@evolveum.com"
class=""></a></div>
<br>
<br>
<span style="font-size:11px;color:rgb(161,161,161)">Confidentiality
Notice: This message contains confidential information
and is intended only for the named recipient(s). If you
are not the addressee you may not copy, distribute or
perform any other activities with this information. If
you have received this transmission in error, please
notify us by e-mail immediately. E-mail transmission
cannot be guaranteed to be secure or error-free as
information could be intercepted, corrupted, lost,
destroyed, arrive late or incomplete, or contain
viruses.</span></span></div>
</div>
</div>
<!--'"--><br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
</body>
</html>