<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Can you attach a portion of screen so that I know what exactly is
missing? I would say this would be some missing gui authorization,
but I would like to see the screenshot with indication what is
missing.</p>
<p><br>
</p>
<p>Thank you!</p>
<p>Ivan<br>
</p>
<br>
<div class="moz-cite-prefix">On 10.07.2018 10:06, Oleksandr Nekriach
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CANb693TdBb+P7VQ+9nA5D51wOWZ4KA24hgquyBq9Yt4Q-juPHg@mail.gmail.com">
<div dir="ltr">
<div>Ivan,</div>
<div>When I add some target section with filter adminAssign
button disappear.</div>
<div>Do you have some working example to understand what I am
doing in a wrong way?</div>
<div><br>
</div>
<div>See the button but also see <span id="gmail-result_box"
class="gmail-short_text" lang="en"><span class="gmail-">the
all roles</span></span><br>
</div>
<div> <authorization><br>
<name>AssignGUI</name><br>
<action><a
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssign"
moz-do-not-send="true">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssign</a></action><br>
<action><a
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassign"
moz-do-not-send="true">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassign</a></action><br>
<description>Assign/unassign in admin GUI (role
profile)</description><br>
<object><br>
<type>UserType</type><br>
</object><br>
</authorization><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Don't see button at all</div>
<div><br>
</div>
<div> <authorization><br>
<name>AssignGUI</name><br>
<action><a
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssign"
moz-do-not-send="true">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssign</a></action><br>
<action><a
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassign"
moz-do-not-send="true">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassign</a></action><br>
<description>Assign/unassign in admin GUI (role
profile)</description><br>
<object><br>
<type>UserType</type><br>
</object><br>
<target><br>
<filter><br>
<q:type><br>
<q:type>c:RoleType</q:type><br>
<q:filter><br>
<q:substring><br>
<q:matching>polyStringNorm</q:matching><br>
<q:path>name</q:path><br>
<q:value>Role</q:value><br>
<q:anchorStart>true</q:anchorStart><br>
</q:substring><br>
</q:filter><br>
</q:type><br>
</filter><br>
</target><br>
</authorization><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 10 July 2018 at 09:22, Oleksandr
Nekriach <span dir="ltr"><<a
href="mailto:o.nekriach@dynatech.lv" target="_blank"
moz-do-not-send="true">o.nekriach@dynatech.lv</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi Ivan, thank you.<br>
</div>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">On 9 July 2018 at 22:08, Ivan
Noris <span dir="ltr"><<a
href="mailto:ivan.noris@evolveum.com"
target="_blank" moz-do-not-send="true">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Hi Oleksandr,</p>
<p>please see the referenced jira issue with
example that I reported earlier and was fixed
meanwhile.</p>
<p><a
class="m_-3119986974800006898m_5979460915336450373moz-txt-link-freetext"
href="https://jira.evolveum.com/browse/MID-3615" target="_blank"
moz-do-not-send="true">https://jira.evolveum.com/brow<wbr>se/MID-3615</a></p>
<p>Maybe you're only missing the q:matching
element. Or target; as assign/unassign are
target-aware.<br>
</p>
<p>Best regards,</p>
<p>Ivan<br>
</p>
<div>
<div class="m_-3119986974800006898h5"> <br>
<div
class="m_-3119986974800006898m_5979460915336450373moz-cite-prefix">On
06.07.2018 13:54, Oleksandr Nekriach
wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div class="m_-3119986974800006898h5">
<div dir="ltr">
<div>Hello, <br>
</div>
<div>I am stuck. Is it possible to
restrict access to some certain
objects only (role with Role- prefix
only e.g) in Assignments window in
User profile .</div>
<div>Something like this but this
example does not work.<br>
</div>
<div><br>
</div>
<div> <authorization><br>
<name>AssignGUI</name><br>
<action><a
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssign"
target="_blank"
moz-do-not-send="true">http://midpoint.evolve<wbr>um.com/xml/ns/public/security/<wbr>authorization-ui-3#adminAssign</a><wbr></action><br>
<action><a
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassign"
target="_blank"
moz-do-not-send="true">http://midpoint.evolve<wbr>um.com/xml/ns/public/security/<wbr>authorization-ui-3#adminUnassi<wbr>gn</a></action><br>
<description>Assign/unassign in
admin GUI (role
profile)</description><br>
<c:object><br>
<c:type>RoleType</c:type><br>
</c:object><br>
<filter><br>
<q:substring><br>
<q:path>name</q:path><br>
<q:value>Role-</q:value><br>
<q:anchorStart>true</q:anchorS<wbr>tart><br>
</q:substring><br>
</filter><br>
</authorization><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<br>
-- <br>
<div
class="m_-3119986974800006898m_5979460915336450373gmail_signature">
<div dir="ltr"><span
style="color:rgb(76,76,76)">Best
regards, <br>
<br>
<img
src="cid:part10.4C91FC3C.278799CC@evolveum.com"
class=""> <br>
<br>
Oleksandr Nekriach | Identity and
access management engineer <br>
<br>
Dynatech, <a
href="https://maps.google.com/?q=Mednieku+str.+4a,+Riga,+LV-1010,+Latvia&entry=gmail&source=g"
target="_blank"
moz-do-not-send="true">Mednieku
str. 4a, Riga, LV-1010, Latvia</a>
<br>
<br>
<div style="display:inline-block"><a
href="tel:+371%2025%20314%20685" value="+37125314685" target="_blank"
moz-do-not-send="true">+37125314685</a></div>
,
<div style="display:inline-block"><a
href="mailto:o.nekriach@dynatech.lv" target="_blank"
moz-do-not-send="true">o.nekriach@dynatech.lv</a></div>
|
<div style="display:inline-block"><a
href="http://www.dynatech.lv"
target="_blank"
moz-do-not-send="true">www.dynatech.lv</a></div>
<br>
<br>
Stay connected: <br>
<div
style="display:inline-block;margin:5px
5px 0px 0px"><a
href="https://www.facebook.com/DynatechLatvia/?ref=br_rs"
target="_blank"
moz-do-not-send="true"><img
src="cid:part15.0C6B3F4C.D1AAA85F@evolveum.com"
class=""></a></div>
<div
style="display:inline-block;margin:5px
0px 0px"><a
href="https://www.linkedin.com/company-beta/17893047/"
target="_blank"
moz-do-not-send="true"><img
src="cid:part17.1C7C67F8.8C81F717@evolveum.com"
class=""></a></div>
<br>
<br>
<span
style="font-size:11px;color:rgb(161,161,161)">Confidentiality
Notice: This message contains
confidential information and is
intended only for the named
recipient(s). If you are not the
addressee you may not copy,
distribute or perform any other
activities with this
information. If you have
received this transmission in
error, please notify us by
e-mail immediately. E-mail
transmission cannot be
guaranteed to be secure or
error-free as information could
be intercepted, corrupted, lost,
destroyed, arrive late or
incomplete, or contain viruses.</span></span></div>
</div>
</div>
<br>
<fieldset
class="m_-3119986974800006898m_5979460915336450373mimeAttachmentHeader"></fieldset>
<br>
</div>
</div>
<pre>______________________________<wbr>_________________
midPoint mailing list
<a class="m_-3119986974800006898m_5979460915336450373moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a>
<a class="m_-3119986974800006898m_5979460915336450373moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank" moz-do-not-send="true">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><span class="m_-3119986974800006898HOEnZb"><font color="#888888">
</font></span></pre>
<span class="m_-3119986974800006898HOEnZb"><font
color="#888888"> </font></span></blockquote>
<span class="m_-3119986974800006898HOEnZb"><font
color="#888888"> <br>
<pre class="m_-3119986974800006898m_5979460915336450373moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com" target="_blank" moz-do-not-send="true">evolveum.com</a>
</pre>
</font></span></div>
<br>
______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com"
target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div class="m_-3119986974800006898gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr"><span style="color:#4c4c4c">Best
regards, <br>
<br>
<img
src="cid:part10.4C91FC3C.278799CC@evolveum.com"
class=""> <br>
<br>
Oleksandr Nekriach | Identity and access
management engineer <br>
<br>
Dynatech, <a
href="https://maps.google.com/?q=Mednieku+str.+4a,+Riga,+LV-1010,+Latvia&entry=gmail&source=g"
target="_blank" moz-do-not-send="true">Mednieku
str. 4a, Riga, LV-1010, Latvia</a> <br>
<br>
<div style="display:inline-block"><a
href="tel:+371%2025%20314%20685"
value="+37125314685" target="_blank"
moz-do-not-send="true">+37125314685</a></div>
,
<div style="display:inline-block"><a
href="mailto:o.nekriach@dynatech.lv"
target="_blank" moz-do-not-send="true">o.nekriach@dynatech.lv</a></div>
|
<div style="display:inline-block"><a
href="http://www.dynatech.lv"
target="_blank" moz-do-not-send="true">www.dynatech.lv</a></div>
<br>
<br>
Stay connected: <br>
<div style="display:inline-block;margin:5px 5px
0 0"><a
href="https://www.facebook.com/DynatechLatvia/?ref=br_rs"
target="_blank" moz-do-not-send="true"><img
src="cid:part15.0C6B3F4C.D1AAA85F@evolveum.com" class=""></a></div>
<div style="display:inline-block;margin:5px 0 0
0"><a
href="https://www.linkedin.com/company-beta/17893047/"
target="_blank" moz-do-not-send="true"><img
src="cid:part17.1C7C67F8.8C81F717@evolveum.com" class=""></a></div>
<br>
<br>
<span style="font-size:11px;color:#a1a1a1">Confidentiality
Notice: This message contains confidential
information and is intended only for the named
recipient(s). If you are not the addressee you
may not copy, distribute or perform any other
activities with this information. If you have
received this transmission in error, please
notify us by e-mail immediately. E-mail
transmission cannot be guaranteed to be secure
or error-free as information could be
intercepted, corrupted, lost, destroyed,
arrive late or incomplete, or contain viruses.</span></span></div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div class="gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr"><span style="color:#4c4c4c">Best regards, <br>
<br>
<img src="cid:part10.4C91FC3C.278799CC@evolveum.com"
class=""> <br>
<br>
Oleksandr Nekriach | Identity and access management
engineer <br>
<br>
Dynatech, <a
href="https://maps.google.com/?q=Mednieku+str.+4a,+Riga,+LV-1010,+Latvia&entry=gmail&source=g"
target="_blank" moz-do-not-send="true">Mednieku str. 4a,
Riga, LV-1010, Latvia</a> <br>
<br>
<div style="display:inline-block"><a
href="tel:+371%2025%20314%20685" value="+37125314685"
target="_blank" moz-do-not-send="true">+37125314685</a></div>
,
<div style="display:inline-block"><a
href="mailto:o.nekriach@dynatech.lv" target="_blank"
moz-do-not-send="true">o.nekriach@dynatech.lv</a></div>
|
<div style="display:inline-block"><a
href="http://www.dynatech.lv" target="_blank"
moz-do-not-send="true">www.dynatech.lv</a></div>
<br>
<br>
Stay connected: <br>
<div style="display:inline-block;margin:5px 5px 0 0"><a
href="https://www.facebook.com/DynatechLatvia/?ref=br_rs"
target="_blank" moz-do-not-send="true"><img
src="cid:part15.0C6B3F4C.D1AAA85F@evolveum.com"
class=""></a></div>
<div style="display:inline-block;margin:5px 0 0 0"><a
href="https://www.linkedin.com/company-beta/17893047/"
target="_blank" moz-do-not-send="true"><img
src="cid:part17.1C7C67F8.8C81F717@evolveum.com"
class=""></a></div>
<br>
<br>
<span style="font-size:11px;color:#a1a1a1">Confidentiality
Notice: This message contains confidential information
and is intended only for the named recipient(s). If you
are not the addressee you may not copy, distribute or
perform any other activities with this information. If
you have received this transmission in error, please
notify us by e-mail immediately. E-mail transmission
cannot be guaranteed to be secure or error-free as
information could be intercepted, corrupted, lost,
destroyed, arrive late or incomplete, or contain
viruses.</span></span></div>
</div>
</div>
<!--'"--><br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
</body>
</html>