<div dir="auto"><p style="font-family:sans-serif;font-size:12.8px">Hi all,<u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"><u></u> <u></u></p><p style="font-family:sans-serif;font-size:12.8px">I would like to authorize a user to assign or unasign roles to other users.<u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"><u></u> <u></u></p><p style="font-family:sans-serif;font-size:12.8px">I thought it was a pretty straightforward authorization like :<u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"><u></u> <u></u></p><p style="font-family:sans-serif;font-size:12.8px"><authorization><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">  <name>User assignment authorizations</name><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">  <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#assign" style="text-decoration-line:none;color:rgb(66,133,244)" target="_blank" rel="noreferrer">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#assign</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">  <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#unassign" style="text-decoration-line:none;color:rgb(66,133,244)" target="_blank" rel="noreferrer">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#unassign</a></action><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">  <object><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">    <type>UserType</type><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">  </object><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">  <target><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">    <type>RoleType</type><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">  </target><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"></authorization><u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"><u></u> <u></u></p><p style="font-family:sans-serif;font-size:12.8px">But the “add” (+) and “delete” (-) buttons in the user’s assignment tab in the user edit page are still not visible (see screenshot attached).<u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px">However, I can add a role member from the role member tab in the role edit page.<u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"><u></u> <u></u></p><p style="font-family:sans-serif;font-size:12.8px">During my tests, I authorized all GUI (<a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#all" style="text-decoration-line:none;color:rgb(66,133,244)" target="_blank" rel="noreferrer">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#all</a>) to remove the GUI authorizations from the equation, and I added all authorization-model-3 authorizations found here (<a href="https://github.com/Evolveum/midpoint/blob/support-3.9/model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelAuthorizationAction.java" style="text-decoration-line:none;color:rgb(66,133,244)" target="_blank" rel="noreferrer">https://github.com/Evolveum/midpoint/blob/support-3.9/model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelAuthorizationAction.java</a>), but these buttons are still not showing.<u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"><u></u> <u></u></p><p style="font-family:sans-serif;font-size:12.8px">I looked at the security log trace but did not see any meaningful deny.<u></u><u></u></p><p style="font-family:sans-serif;font-size:12.8px"><u></u> <u></u></p><p style="font-family:sans-serif;font-size:12.8px">Is this a bug I should report in JIRA?</p><div style="color:rgb(136,136,136);font-family:sans-serif;font-size:12.8px" dir="auto"><u></u><u></u></div><p style="font-family:sans-serif;font-size:12.8px"></p><div style="color:rgb(136,136,136);font-family:sans-serif;font-size:12.8px" dir="auto"><p><u></u> <u></u></p><p>-Frederic</p></div></div>