<div dir="auto">Hello,<div dir="auto"><br></div><div dir="auto">I found my mistake. I confused <target> (which is only useful for assignment authorization if I understood well) and <object>.</div><div dir="auto">I replaced <target> by <object> in my authorization and it works as intended.</div><div dir="auto"><br></div><div dir="auto">-Frederic</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Jul 13, 2019, 00:07 Frédéric Lohier <<a href="mailto:frederic@lohier.org">frederic@lohier.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><p style="font-family:sans-serif;font-size:12.8px">Hello,</p><p style="font-family:sans-serif;font-size:12.8px"><br></p><p style="font-family:sans-serif;font-size:12.8px">I am setting up some roles with authorizations. In my example below, I want to specify the list of items displayed in the GUI and specify some of them as read only depending on the time the user is assigned to.</p><p style="font-family:sans-serif;font-size:12.8px">The problem is that with these authorizations, the user assigned to this role <b>cannot see the "edit" link in the contextual menu</b> (small cog) of organizations in the Organization tree view/page. If I add the adminOrgMove authorization, the "move" appears, but I could not find the equivalent for the "edit" button.<br></p><p style="font-family:sans-serif;font-size:12.8px">Any suggestions of what I am missing?</p><p style="font-family:sans-serif;font-size:12.8px">some_role.xml :</p><p style="font-family:sans-serif;font-size:12.8px"><authorization><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <name>GUI authorizations</name><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll" style="text-decoration-line:none;color:rgb(66,133,244)" target="_blank" rel="noreferrer">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#home" style="text-decoration-line:none;color:rgb(66,133,244)" target="_blank" rel="noreferrer">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#home</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgStruct" style="text-decoration-line:none;color:rgb(66,133,244)" target="_blank" rel="noreferrer">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgStruct</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTree" style="text-decoration-line:none;color:rgb(66,133,244)" target="_blank" rel="noreferrer">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTree</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnit" style="text-decoration-line:none;color:rgb(66,133,244)" target="_blank" rel="noreferrer">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnit</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnitHistory" style="text-decoration-line:none;color:rgb(66,133,244)" target="_blank" rel="noreferrer">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnitHistory</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminOrgMove" style="text-decoration-line:none;color:rgb(66,133,244)" target="_blank" rel="noreferrer">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminOrgMove</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#myWorkItems" style="text-decoration-line:none;color:rgb(66,133,244)" target="_blank" rel="noreferrer">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#myWorkItems</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#claimableWorkItems" style="text-decoration-line:none;color:rgb(66,133,244)" target="_blank" rel="noreferrer">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#claimableWorkItems</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> </authorization><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"><u></u> <u></u></p><p style="font-family:sans-serif;font-size:12.8px"><authorization><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <name>Organization add authorization</name><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <target><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <type>OrgType</type><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> </target><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add" style="text-decoration-line:none;color:rgb(66,133,244)" target="_blank" rel="noreferrer">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> </authorization><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"><u></u> <u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <authorization><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <name>Organization items read authorizations</name><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <target><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <type>OrgType</type><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> </target><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read" style="text-decoration-line:none;color:rgb(66,133,244)" target="_blank" rel="noreferrer">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <item>name</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <item>description</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <item>displayName</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <item>emailAddress</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <item>telephoneNumber</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <item>jpegPhoto</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <item>identifier</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <item>mailDomain</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <item>displayOrder</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <item>locale</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <item>preferredLanguage</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <item>locality</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <item>lifecycleState</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> </authorization><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"><u></u> <u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <authorization><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <name>Organization items modify authorizations</name><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <target><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <type>OrgType</type><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> </target><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify" style="text-decoration-line:none;color:rgb(66,133,244)" target="_blank" rel="noreferrer">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <item>name</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <item>description</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <item>displayName</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <item>emailAddress</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <item>telephoneNumber</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <item>jpegPhoto</item><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> </authorization><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"><u></u> <u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <authorization><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <name>Organization items get and search authorizations</name><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <target><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <type>OrgType</type><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> </target><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#get" style="text-decoration-line:none;color:rgb(66,133,244)" target="_blank" rel="noreferrer">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#get</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#search" style="text-decoration-line:none;color:rgb(66,133,244)" target="_blank" rel="noreferrer">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#search</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"> </authorization></p></div>
</blockquote></div>