<div dir="ltr"><div>Ivan,</div><div>When I add some target section with filter adminAssign button disappear.</div><div></div><div>Do you have some working example to understand what I am doing in a wrong way?</div><div><br></div><div>See the button but also see <span id="gmail-result_box" class="gmail-short_text" lang="en"><span class="gmail-">the all roles</span></span><br></div><div> <authorization><br> <name>AssignGUI</name><br> <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssign">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssign</a></action><br> <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassign">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassign</a></action><br> <description>Assign/unassign in admin GUI (role profile)</description><br> <object><br> <type>UserType</type><br> </object><br> </authorization><br></div><div><br></div><div></div><div><br></div><div>Don't see button at all</div><div><br></div><div> <authorization><br> <name>AssignGUI</name><br> <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssign">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssign</a></action><br> <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassign">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassign</a></action><br> <description>Assign/unassign in admin GUI (role profile)</description><br> <object><br> <type>UserType</type><br> </object><br> <target><br> <filter><br> <q:type><br> <q:type>c:RoleType</q:type><br> <q:filter><br> <q:substring><br> <q:matching>polyStringNorm</q:matching><br> <q:path>name</q:path><br> <q:value>Role</q:value><br> <q:anchorStart>true</q:anchorStart><br> </q:substring><br> </q:filter><br> </q:type><br> </filter><br> </target><br> </authorization><br></div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 10 July 2018 at 09:22, Oleksandr Nekriach <span dir="ltr"><<a href="mailto:o.nekriach@dynatech.lv" target="_blank">o.nekriach@dynatech.lv</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Ivan, thank you.<br></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On 9 July 2018 at 22:08, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Hi Oleksandr,</p>
<p>please see the referenced jira issue with example that I reported
earlier and was fixed meanwhile.</p>
<p><a class="m_-3119986974800006898m_5979460915336450373moz-txt-link-freetext" href="https://jira.evolveum.com/browse/MID-3615" target="_blank">https://jira.evolveum.com/brow<wbr>se/MID-3615</a></p>
<p>Maybe you're only missing the q:matching element. Or target; as
assign/unassign are target-aware.<br>
</p>
<p>Best regards,</p>
<p>Ivan<br>
</p><div><div class="m_-3119986974800006898h5">
<br>
<div class="m_-3119986974800006898m_5979460915336450373moz-cite-prefix">On 06.07.2018 13:54, Oleksandr Nekriach
wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="m_-3119986974800006898h5">
<div dir="ltr">
<div>Hello, <br>
</div>
<div>I am stuck. Is it possible to restrict access to some
certain objects only (role with Role- prefix only e.g) in
Assignments window in User profile .</div>
<div>Something like this but this example does not work.<br>
</div>
<div><br>
</div>
<div> <authorization><br>
<name>AssignGUI</name><br>
<action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssign" target="_blank">http://midpoint.evolve<wbr>um.com/xml/ns/public/security/<wbr>authorization-ui-3#adminAssign</a><wbr></action><br>
<action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassign" target="_blank">http://midpoint.evolve<wbr>um.com/xml/ns/public/security/<wbr>authorization-ui-3#adminUnassi<wbr>gn</a></action><br>
<description>Assign/unassign in admin GUI (role
profile)</description><br>
<c:object><br>
<c:type>RoleType</c:type><br>
</c:object><br>
<filter><br>
<q:substring><br>
<q:path>name</q:path><br>
<q:value>Role-</q:value><br>
<q:anchorStart>true</q:anchorS<wbr>tart><br>
</q:substring><br>
</filter><br>
</authorization><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<br>
-- <br>
<div class="m_-3119986974800006898m_5979460915336450373gmail_signature">
<div dir="ltr"><span style="color:rgb(76,76,76)">Best regards,
<br>
<br>
<img src="cid:part3.4C523F8C.4A5B8E13@evolveum.com"> <br>
<br>
Oleksandr Nekriach | Identity and access management
engineer <br>
<br>
Dynatech, <a href="https://maps.google.com/?q=Mednieku+str.+4a,+Riga,+LV-1010,+Latvia&entry=gmail&source=g" target="_blank">Mednieku str. 4a,
Riga, LV-1010, Latvia</a> <br>
<br>
<div style="display:inline-block"><a href="tel:+371%2025%20314%20685" value="+37125314685" target="_blank">+37125314685</a></div>
,
<div style="display:inline-block"><a href="mailto:o.nekriach@dynatech.lv" target="_blank">o.nekriach@dynatech.lv</a></div>
|
<div style="display:inline-block"><a href="http://www.dynatech.lv" target="_blank">www.dynatech.lv</a></div>
<br>
<br>
Stay connected: <br>
<div style="display:inline-block;margin:5px 5px 0px 0px"><a href="https://www.facebook.com/DynatechLatvia/?ref=br_rs" target="_blank"><img src="cid:part8.73ED72C8.B487CE7A@evolveum.com"></a></div>
<div style="display:inline-block;margin:5px 0px 0px"><a href="https://www.linkedin.com/company-beta/17893047/" target="_blank"><img src="cid:part10.50FAC2AF.B17B8C69@evolveum.com"></a></div>
<br>
<br>
<span style="font-size:11px;color:rgb(161,161,161)">Confidentiality
Notice: This message contains confidential information
and is intended only for the named recipient(s). If you
are not the addressee you may not copy, distribute or
perform any other activities with this information. If
you have received this transmission in error, please
notify us by e-mail immediately. E-mail transmission
cannot be guaranteed to be secure or error-free as
information could be intercepted, corrupted, lost,
destroyed, arrive late or incomplete, or contain
viruses.</span></span></div>
</div>
</div>
<br>
<fieldset class="m_-3119986974800006898m_5979460915336450373mimeAttachmentHeader"></fieldset>
<br>
</div></div><pre>______________________________<wbr>_________________
midPoint mailing list
<a class="m_-3119986974800006898m_5979460915336450373moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a class="m_-3119986974800006898m_5979460915336450373moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><span class="m_-3119986974800006898HOEnZb"><font color="#888888">
</font></span></pre><span class="m_-3119986974800006898HOEnZb"><font color="#888888">
</font></span></blockquote><span class="m_-3119986974800006898HOEnZb"><font color="#888888">
<br>
<pre class="m_-3119986974800006898m_5979460915336450373moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre>
</font></span></div>
<br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="m_-3119986974800006898gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><span style="color:#4c4c4c">Best regards, <br><br><img src="cid:o.nekriach@dynatech.lv1520941785292-7770"> <br><br>Oleksandr Nekriach | Identity and access management engineer <br><br>Dynatech, <a href="https://maps.google.com/?q=Mednieku+str.+4a,+Riga,+LV-1010,+Latvia&entry=gmail&source=g" target="_blank">Mednieku str. 4a, Riga, LV-1010, Latvia</a> <br><br><div style="display:inline-block"><a href="tel:+371%2025%20314%20685" value="+37125314685" target="_blank">+37125314685</a></div>, <div style="display:inline-block"><a href="mailto:o.nekriach@dynatech.lv" target="_blank">o.nekriach@dynatech.lv</a></div> | <div style="display:inline-block"><a href="http://www.dynatech.lv" target="_blank">www.dynatech.lv</a></div> <br><br>Stay connected: <br><div style="display:inline-block;margin:5px 5px 0 0"><a href="https://www.facebook.com/DynatechLatvia/?ref=br_rs" target="_blank"><img src="cid:o.nekriach@dynatech.lv1520941785292-7771"></a></div><div style="display:inline-block;margin:5px 0 0 0"><a href="https://www.linkedin.com/company-beta/17893047/" target="_blank"><img src="cid:o.nekriach@dynatech.lv1520941785292-7772"></a></div><br><br><span style="font-size:11px;color:#a1a1a1">Confidentiality
Notice: This message contains confidential information and is intended
only for the named recipient(s). If you are not the addressee you may
not copy, distribute or perform any other activities with this
information. If you have received this transmission in error, please
notify us by e-mail immediately. E-mail transmission cannot be
guaranteed to be secure or error-free as information could be
intercepted, corrupted, lost, destroyed, arrive late or incomplete, or
contain viruses.</span></span></div></div>
</div>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><span style="color:#4c4c4c">Best regards, <br><br><img src="cid:o.nekriach@dynatech.lv1520941785292-7770"> <br><br>Oleksandr Nekriach | Identity and access management engineer <br><br>Dynatech, <a href="https://maps.google.com/?q=Mednieku+str.+4a,+Riga,+LV-1010,+Latvia&entry=gmail&source=g" target="_blank">Mednieku str. 4a, Riga, LV-1010, Latvia</a> <br><br><div style="display:inline-block"><a href="tel:+371%2025%20314%20685" value="+37125314685" target="_blank">+37125314685</a></div>, <div style="display:inline-block"><a href="mailto:o.nekriach@dynatech.lv" target="_blank">o.nekriach@dynatech.lv</a></div> | <div style="display:inline-block"><a href="http://www.dynatech.lv" target="_blank">www.dynatech.lv</a></div> <br><br>Stay connected: <br><div style="display:inline-block;margin:5px 5px 0 0"><a href="https://www.facebook.com/DynatechLatvia/?ref=br_rs" target="_blank"><img src="cid:o.nekriach@dynatech.lv1520941785292-7771"></a></div><div style="display:inline-block;margin:5px 0 0 0"><a href="https://www.linkedin.com/company-beta/17893047/" target="_blank"><img src="cid:o.nekriach@dynatech.lv1520941785292-7772"></a></div><br><br><span style="font-size:11px;color:#a1a1a1">Confidentiality
Notice: This message contains confidential information and is intended
only for the named recipient(s). If you are not the addressee you may
not copy, distribute or perform any other activities with this
information. If you have received this transmission in error, please
notify us by e-mail immediately. E-mail transmission cannot be
guaranteed to be secure or error-free as information could be
intercepted, corrupted, lost, destroyed, arrive late or incomplete, or
contain viruses.</span></span></div></div>
</div>