<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Hi Oleksandr,</p>
    <p>Please see the referenced Jira issue, with an example, that I reported
      earlier and that has since been fixed.</p>
    <p><a class="moz-txt-link-freetext" href="https://jira.evolveum.com/browse/MID-3615">https://jira.evolveum.com/browse/MID-3615</a></p>
    <p>Maybe you're only missing the q:matching element. Or target; as
      assign/unassign are target-aware.<br>
    </p>
    <p>Best regards,</p>
    <p>Ivan<br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 06.07.2018 13:54, Oleksandr Nekriach
      wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CANb693Q+8yontdEhBLum_9SniGeOEHZO2mJMMAazpOC=eGHvzw@mail.gmail.com">
      <div dir="ltr">
        <div>Hello, <br>
        </div>
        <div>I am stuck. Is it possible to restrict access to certain
          objects only (e.g. roles with the Role- prefix only) in the
          Assignments window in the User profile?</div>
        <div>Something like this, but this example does not work.<br>
        </div>
        <div><br>
        </div>
        <div>     <authorization><br>
                  <name>AssignGUI</name><br>
                  <action><a
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssign"
            moz-do-not-send="true">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssign</a></action><br>
                  <action><a
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassign"
            moz-do-not-send="true">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassign</a></action><br>
                  <description>Assign/unassign in admin GUI (role
          profile)</description><br>
                  <c:object><br>
                      <c:type>RoleType</c:type><br>
                  </c:object><br>
                  <filter><br>
                      <q:substring><br>
                         <q:path>name</q:path><br>
                         <q:value>Role-</q:value><br>
                         <q:anchorStart>true</q:anchorStart><br>
                      </q:substring><br>
                   </filter><br>
              </authorization><br>
        </div>
        <div><br>
        </div>
        <br>
        -- <br>
        <div class="gmail_signature">
          <div dir="ltr"><span style="color:rgb(76,76,76)">Best regards,
              <br>
              Oleksandr Nekriach | Identity and access management
              engineer <br>
              <br>
              Dynatech, <a
href="https://maps.google.com/?q=Mednieku+str.+4a,+Riga,+LV-1010,+Latvia&entry=gmail&source=g"
                target="_blank" moz-do-not-send="true">Mednieku str. 4a,
                Riga, LV-1010, Latvia</a> <br>
              <br>
              <div style="display:inline-block"><a
                  href="tel:+371%2025%20314%20685" value="+37125314685"
                  target="_blank" moz-do-not-send="true">+37125314685</a></div>
              ,
              <div style="display:inline-block"><a
                  href="mailto:o.nekriach@dynatech.lv" target="_blank"
                  moz-do-not-send="true">o.nekriach@dynatech.lv</a></div>
              |
              <div style="display:inline-block"><a
                  href="http://www.dynatech.lv" target="_blank"
                  moz-do-not-send="true">www.dynatech.lv</a></div>
              </span></div>
        </div>
      </div>
      <pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">-- 
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
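    <p>An added example, not part of either message and not midPoint code: a
      small Python check for the two gaps named in the reply (an assign/unassign
      authorization with no target selector, and a substring filter with no
      q:matching). The namespace declarations, the placement of the filter
      inside target, and the polyStringNorm matching rule are assumptions; the
      mail does not show them.</p>

```python
import xml.etree.ElementTree as ET

# Namespace URIs for the c: and q: prefixes (the mail omits the declarations).
C = "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
Q = "http://prism.evolveum.com/xml/ns/public/query-3"
UI = "http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#"
# The two actions from the question; the reply calls them target-aware.
TARGET_AWARE = {UI + "adminAssign", UI + "adminUnassign"}

HEAD = f'<authorization xmlns="{C}" xmlns:c="{C}" xmlns:q="{Q}">'
ACTIONS = "".join(f"<action>{a}</action>" for a in sorted(TARGET_AWARE))
SUBSTRING = ("<q:path>name</q:path><q:value>Role-</q:value>"
             "<q:anchorStart>true</q:anchorStart>")

# Constructed sample 1: same shape as the authorization in the question.
AS_POSTED = (HEAD + ACTIONS
             + "<c:object><c:type>RoleType</c:type></c:object>"
             + "<filter><q:substring>" + SUBSTRING + "</q:substring></filter>"
             + "</authorization>")

# Constructed sample 2: target selector plus q:matching, as the reply
# suggests. Filter placement and polyStringNorm are assumptions.
WITH_TARGET = (HEAD + ACTIONS
               + "<target><type>RoleType</type><filter><q:substring>"
               + "<q:matching>polyStringNorm</q:matching>" + SUBSTRING
               + "</q:substring></filter></target></authorization>")


def lint(xml_text):
    """Return findings for one <authorization> element."""
    auth = ET.fromstring(xml_text)
    findings = []
    actions = {(a.text or "").strip() for a in auth.findall(f"{{{C}}}action")}
    # Gap 1: assign/unassign authorization without a <target> selector.
    if actions & TARGET_AWARE and auth.find(f"{{{C}}}target") is None:
        findings.append("assign/unassign action has no <target> selector")
    # Gap 2: substring filter anywhere in the authorization lacks q:matching.
    for sub in auth.iter(f"{{{Q}}}substring"):
        if sub.find(f"{{{Q}}}matching") is None:
            findings.append("<q:substring> has no <q:matching> element")
    return findings


if __name__ == "__main__":
    for label, doc in (("as posted", AS_POSTED), ("with target", WITH_TARGET)):
        print(label, "->", lint(doc) or "no findings")
```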
  </body>
</html>