<div dir="ltr">I have added following authorization to end user role to run report Users in MidPoint:<div>    <authorization id="46"><br>        <name>Allow all objects</name><br>        <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#rawOperation">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#rawOperation</a></action><br>        <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</a></action><br>        <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#search">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#search</a></action><br>        <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#get">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#get</a></action><br>        <object id="7"><br>            <type>UserType</type><br>        </object><br>        <object id="8"><br>            <type>LookupTableType</type><br>        </object><br>        <object id="9"><br>            <type>ShadowType</type><br>        </object><br>        <object id="10"><br>            <type>ValuePolicyType</type><br>        </object><br>        <object id="11"><br>            <type>ConnectorType</type><br>        </object><br>        <object id="13"><br>            <type>ResourceType</type><br>        </object><br>        <object id="21"><br>            <type>RoleType</type><br>        </object><br>        <object id="22"><br>            <type>OrgType</type><br>        </object><br>        <object id="45"><br>            <type>FocusType</type><br>        </object><br>        <object id="17"><br>            <type>ReportOutputType</type><br>        </object><br>        <object id="18"><br>            <type>ReportType</type><br>        </object><br>               <object id="19"><br>            <type>TaskType</type><br>        </object><br>    </authorization><br>          <authorization id="39"><br>        <name>Allow run report</name><br>        <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#runReport">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#runReport</a></action><br>    </authorization><br></div><div><br></div><div>TC:</div><div>I login as end user in mP. I go  to reports sections and choose  Users in MidPoint. I set parameter Activation to ENABLED and run report (others fields are empty). Report runs ok. </div><div><br></div><div>But, if i have mP users with some projections (they have xml tag <link ref> filled in xml) then report does not run correctly and throws error message:</div><div>[PROVISIONING] [midPointScheduler_Worker-7] ERROR (com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl): Could not search objects: Resource not defined in a search query<br>com.evolveum.midpoint.util.exception.SchemaException: Resource not defined in a search query<br></div><div><br></div><div>But, if i run mentioned report with superuser role (for example as mP administrator) report runs OK.</div><div><br></div><div>I have analyzed log (<span style="color:rgb(0,0,0);font-family:Consolas,"Bitstream Vera Sans Mono","Courier New",Courier,monospace;font-size:14px;white-space:nowrap">com.evolveum.midpoint.security: TRACE</span>) but i haven't find any solution yet. </div><div>mP env: 3.9; 4.0 </div><div><br></div><div>Any idea which authorization could help ? Appreciate any help.</div><div><br></div><div>Regards,</div><div>Lubomir Odlevak</div><div><br></div></div>