<div dir="auto"><p style="font-family:sans-serif;font-size:12.8px">Hello,</p><p style="font-family:sans-serif;font-size:12.8px"><br></p><p style="font-family:sans-serif;font-size:12.8px">I am setting up some roles with authorizations. In my example below, I want to specify the list of items displayed in the GUI and specify some of them as read only depending on the time the user is assigned to.</p><p style="font-family:sans-serif;font-size:12.8px">The problem is that with these authorizations, the user assigned to this role <b>cannot see the "edit" link in the contextual menu</b> (small cog) of organizations in the Organization tree view/page. If I add the adminOrgMove authorization, the "move" appears, but I could not find the equivalent for the "edit" button.<br></p><p style="font-family:sans-serif;font-size:12.8px">Any suggestions of what I am missing?</p><p style="font-family:sans-serif;font-size:12.8px">some_role.xml :</p><p style="font-family:sans-serif;font-size:12.8px"><authorization><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <name>GUI authorizations</name><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll" style="text-decoration-line:none;color:rgb(66,133,244)">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#home" style="text-decoration-line:none;color:rgb(66,133,244)">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#home</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgStruct" style="text-decoration-line:none;color:rgb(66,133,244)">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgStruct</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTree" style="text-decoration-line:none;color:rgb(66,133,244)">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTree</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnit" style="text-decoration-line:none;color:rgb(66,133,244)">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnit</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnitHistory" style="text-decoration-line:none;color:rgb(66,133,244)">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnitHistory</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminOrgMove" style="text-decoration-line:none;color:rgb(66,133,244)">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminOrgMove</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#myWorkItems" style="text-decoration-line:none;color:rgb(66,133,244)">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#myWorkItems</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#claimableWorkItems" style="text-decoration-line:none;color:rgb(66,133,244)">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#claimableWorkItems</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">    </authorization><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"><u></u> <u></u></p><p style="font-family:sans-serif;font-size:12.8px"><authorization><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <name>Organization add authorization</name><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <target><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">            <type>OrgType</type><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        </target><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add" style="text-decoration-line:none;color:rgb(66,133,244)">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">    </authorization><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"><u></u> <u></u></p><p style="font-family:sans-serif;font-size:12.8px">    <authorization><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <name>Organization items read authorizations</name><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <target><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">            <type>OrgType</type><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        </target><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read" style="text-decoration-line:none;color:rgb(66,133,244)">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <item>name</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <item>description</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <item>displayName</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <item>emailAddress</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <item>telephoneNumber</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <item>jpegPhoto</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <item>identifier</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <item>mailDomain</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <item>displayOrder</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <item>locale</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <item>preferredLanguage</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <item>locality</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <item>lifecycleState</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">    </authorization><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"><u></u> <u></u></p><p style="font-family:sans-serif;font-size:12.8px">    <authorization><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <name>Organization items modify authorizations</name><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <target><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">            <type>OrgType</type><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        </target><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify" style="text-decoration-line:none;color:rgb(66,133,244)">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <item>name</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <item>description</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <item>displayName</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <item>emailAddress</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <item>telephoneNumber</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <item>jpegPhoto</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">    </authorization><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"><u></u> <u></u></p><p style="font-family:sans-serif;font-size:12.8px">    <authorization><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <name>Organization items get and search authorizations</name><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <target><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">            <type>OrgType</type><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        </target><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#get" style="text-decoration-line:none;color:rgb(66,133,244)">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#get</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">        <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#search" style="text-decoration-line:none;color:rgb(66,133,244)">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#search</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">    </authorization></p></div>