<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Roboto;
panose-1:2 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
span.E-MailFormatvorlage17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:43062646;
mso-list-type:hybrid;
mso-list-template-ids:94775730 361506062 67567641 67567643 67567631 67567641 67567643 67567631 67567641 67567643;}
@list l0:level1
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:72.0pt;
text-indent:-18.0pt;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:108.0pt;
text-indent:-18.0pt;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:144.0pt;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:180.0pt;
text-indent:-18.0pt;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:216.0pt;
text-indent:-18.0pt;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:252.0pt;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:288.0pt;
text-indent:-18.0pt;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:324.0pt;
text-indent:-18.0pt;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:360.0pt;
text-indent:-9.0pt;}
@list l1
{mso-list-id:250773453;
mso-list-type:hybrid;
mso-list-template-ids:291118134 67567631 67567641 67567643 67567631 67567641 67567643 67567631 67567641 67567643;}
@list l1:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="DE" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Dear MidPoint Community,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">i’m fairly new to MidPoint (using 4.4.1) and at this moment i’m stuck with some organization issues where i don’t know if it’s bug or a simple misconfiguration.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’m trying to setup manager role. The Manager should see his Members, assign Roles to them an setup inducements for his own org unit (Config @bottom)<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Problems:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<ol style="margin-top:0cm" start="1" type="1">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level1 lfo1">Authorization UI Actions doesn’t work like i expected<o:p></o:p>
<ol style="margin-top:0cm" start="1" type="a">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level2 lfo1"><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgAll"><span style="font-size:12.0pt;font-family:Roboto;color:#2F81D4;background:white;text-decoration:none">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgAll</span></a>
-> works<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level2 lfo1"><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTree"><span style="font-size:12.0pt;font-family:Roboto;color:#2F81D4;background:white;text-decoration:none">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgTree</span></a>
-> works<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level2 lfo1"><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgStruct"><span style="font-size:12.0pt;font-family:Roboto;color:#2F81D4;background:white;text-decoration:none">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgStruct</span></a>
-> „Org. structure“ completly not visible<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level2 lfo1"><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnit"><span style="font-size:12.0pt;font-family:Roboto;color:#2F81D4;background:white;text-decoration:none">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgUnit</span></a>
-> only „New organization“ in „Org. structure“ visible<o:p></o:p></li></ol>
</li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level1 lfo1">I experienced strange behaviour in Org tree view (this and the following point is why i’m trying to hide it)<o:p></o:p>
<ol style="margin-top:0cm" start="1" type="a">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level2 lfo1">Assigning a role with a relation (manager) via org tree view in user object is not possible, relation falls back to default in assignment screen (works fine via „All organizations“)<o:p></o:p></li></ol>
</li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level1 lfo1">Org-Tree view seems buggy when i use inheritance of orgstructures, example:<o:p></o:p>
<ol style="margin-top:0cm" start="1" type="a">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level2 lfo1">Org-Top<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level2 lfo1">Org-FirstLevel (Assignment to Org-Top, Inducement of Org-Top)<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level2 lfo1">Org-SecondLevel (Assignment to Org-FirstLevel, Inducement of Org-FirstLevel)<o:p></o:p></li></ol>
</li></ol>
<p class="MsoNormal" style="margin-left:54.0pt">Gives me the following view in Org-Tree:<o:p></o:p></p>
<ol style="margin-top:0cm" start="1" type="a">
<li class="MsoListParagraph" style="mso-list:l0 level1 lfo2">Org-Top<o:p></o:p></li><li class="MsoListParagraph" style="mso-list:l0 level1 lfo2">Org-FirstLevel<o:p></o:p>
<ol style="margin-top:0cm" start="1" type="a">
<li class="MsoListParagraph" style="mso-list:l0 level2 lfo2">Org-SecondLevel<o:p></o:p></li></ol>
</li><li class="MsoListParagraph" style="mso-list:l0 level1 lfo2">Org-SecondLevel (but why?)<o:p></o:p></li></ol>
<p class="MsoNormal" style="margin-left:54.0pt">Removing the inducement gives me the expected view.<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:54.0pt"><o:p> </o:p></p>
<p class="MsoNormal">I don’t get it. Help needed. <span style="font-family:"Segoe UI Emoji",sans-serif">
😊</span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Manager Role Authorization:<o:p></o:p></p>
<p class="MsoNormal"> <authorization><o:p></o:p></p>
<p class="MsoNormal"> <name>gui</name><o:p></o:p></p>
<p class="MsoNormal"> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgAll</action><o:p></o:p></p>
<p class="MsoNormal"> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#usersAll</action><o:p></o:p></p>
<p class="MsoNormal"> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminAssign</action><o:p></o:p></p>
<p class="MsoNormal"> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#adminUnassign</action><o:p></o:p></p>
<p class="MsoNormal"> </authorization><o:p></o:p></p>
<p class="MsoNormal"> <authorization><o:p></o:p></p>
<p class="MsoNormal"> <name>assignment</name><o:p></o:p></p>
<p class="MsoNormal"> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#assign</action><o:p></o:p></p>
<p class="MsoNormal"> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#unassign</action><o:p></o:p></p>
<p class="MsoNormal"> <object><o:p></o:p></p>
<p class="MsoNormal"> <type>OrgType</type><o:p></o:p></p>
<p class="MsoNormal"> </object><o:p></o:p></p>
<p class="MsoNormal"> <orderConstraints><o:p></o:p></p>
<p class="MsoNormal"> <orderMin>0</orderMin><o:p></o:p></p>
<p class="MsoNormal"> <orderMax>unbounded</orderMax><o:p></o:p></p>
<p class="MsoNormal"> </orderConstraints><o:p></o:p></p>
<p class="MsoNormal"> </authorization><o:p></o:p></p>
<p class="MsoNormal"> <authorization><o:p></o:p></p>
<p class="MsoNormal"> <name>autz-read</name><o:p></o:p></p>
<p class="MsoNormal"> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action><o:p></o:p></p>
<p class="MsoNormal"> <object><o:p></o:p></p>
<p class="MsoNormal"> <orgRelation><o:p></o:p></p>
<p class="MsoNormal"> <subjectRelation>org:manager</subjectRelation><o:p></o:p></p>
<p class="MsoNormal"> <scope>allDescendants</scope><o:p></o:p></p>
<p class="MsoNormal"> <includeReferenceOrg>true</includeReferenceOrg><o:p></o:p></p>
<p class="MsoNormal"> </orgRelation><o:p></o:p></p>
<p class="MsoNormal"> </object><o:p></o:p></p>
<p class="MsoNormal"> <object><o:p></o:p></p>
<p class="MsoNormal"> <type>RoleType</type><o:p></o:p></p>
<p class="MsoNormal"> <filter><o:p></o:p></p>
<p class="MsoNormal"> <q:equal><o:p></o:p></p>
<p class="MsoNormal"> <q:path>identifier</q:path><o:p></o:p></p>
<p class="MsoNormal"> <q:value>“some string“</q:value><o:p></o:p></p>
<p class="MsoNormal"> </q:equal><o:p></o:p></p>
<p class="MsoNormal"> </filter><o:p></o:p></p>
<p class="MsoNormal"> </object><o:p></o:p></p>
<p class="MsoNormal"> </authorization><o:p></o:p></p>
<p class="MsoNormal"> <authorization><o:p></o:p></p>
<p class="MsoNormal"> <name>autz-write</name><o:p></o:p></p>
<p class="MsoNormal"> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action><o:p></o:p></p>
<p class="MsoNormal"> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add</action><o:p></o:p></p>
<p class="MsoNormal"> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete</action><o:p></o:p></p>
<p class="MsoNormal"> <object><o:p></o:p></p>
<p class="MsoNormal"> <orgRelation><o:p></o:p></p>
<p class="MsoNormal"> <subjectRelation>org:manager</subjectRelation><o:p></o:p></p>
<p class="MsoNormal"> </orgRelation><o:p></o:p></p>
<p class="MsoNormal"> </object><o:p></o:p></p>
<p class="MsoNormal"> </authorization><o:p></o:p></p>
<p class="MsoNormal"> <authorization><o:p></o:p></p>
<p class="MsoNormal"> <name>autz-shadow</name><o:p></o:p></p>
<p class="MsoNormal"> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action><o:p></o:p></p>
<p class="MsoNormal"> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action><o:p></o:p></p>
<p class="MsoNormal"> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add</action><o:p></o:p></p>
<p class="MsoNormal"> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete</action><o:p></o:p></p>
<p class="MsoNormal"> <object><o:p></o:p></p>
<p class="MsoNormal"> <type>ShadowType</type><o:p></o:p></p>
<p class="MsoNormal"> <owner><o:p></o:p></p>
<p class="MsoNormal"> <orgRelation><o:p></o:p></p>
<p class="MsoNormal"> <subjectRelation>org:manager</subjectRelation><o:p></o:p></p>
<p class="MsoNormal"> </orgRelation><o:p></o:p></p>
<p class="MsoNormal"> </owner><o:p></o:p></p>
<p class="MsoNormal"> </object><o:p></o:p></p>
<p class="MsoNormal"> </authorization><o:p></o:p></p>
</div>
<p style="FONT-SIZE: 11pt; FONT-FAMILY: Arial"><span id="c1-id-9" style="FONT-SIZE: 11pt; FONT-FAMILY: Calibri">Sebastian Dornieden<br style="FONT-SIZE: 10pt">
IT-Administrator <br style="FONT-SIZE: 10pt">
Abteilung Informationstechnologie<br id="c1-id-11" style="FONT-SIZE: 10pt">
<br style="FONT-SIZE: 10pt">
</span><span id="c1-id-13" style="FONT-SIZE: 11pt; FONT-FAMILY: Calibri">COMRAMO AG<br id="c1-id-14" style="FONT-SIZE: 10pt">
Bischofsholer Damm 89<br id="c1-id-15" style="FONT-SIZE: 10pt">
30173 Hannover<br style="FONT-SIZE: 10pt">
<br style="FONT-SIZE: 10pt">
</span><span id="c1-id-17" style="FONT-SIZE: 11pt; FONT-FAMILY: Calibri">Handelsregister: Hannover HRB 56111<br id="c1-id-18" style="FONT-SIZE: 10pt">
Geschäftsführer: Herr Peter Nohr<br style="FONT-SIZE: 10pt">
</span><span id="c1-id-20" style="FONT-SIZE: 11pt; FONT-FAMILY: Calibri"><br id="c1-id-21" style="FONT-SIZE: 10pt">
Mail: Sebastian.Dornieden@comramo.de<br id="c1-id-23" style="FONT-SIZE: 10pt">
Web: www.comramo.de<br style="FONT-SIZE: 10pt">
<br style="FONT-SIZE: 10pt">
</span><span style="FONT-SIZE: 11pt; FONT-FAMILY: Calibri">Hotline der Abteilung Informationstechnologie:<br style="FONT-SIZE: 10pt">
+49 511 12401-767 <br style="FONT-SIZE: 10pt">
</span></p>
<p style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><span id="c1-id-7" style="FONT-SIZE: 9pt; FONT-FAMILY: Calibri"><span style="FONT-SIZE: 8pt">Diese Information ist ausschließlich für den Adressaten bestimmt und kann vertraulich oder gesetzlich geschützte Informationen
enthalten. Wenn Sie nicht der bestimmungsgemäße Adressat sind, unterrichten Sie bitte den Absender und vernichten Sie diese Mail. Anderen als dem bestimmungsgemäßen Adressaten ist es untersagt, diese E-Mail zu lesen, zu speichern, weiterzuleiten oder ihren
Inhalt auf welche Weise auch immer zu verwenden.</span></span></p>
<p style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><span style="FONT-SIZE: 9pt; FONT-FAMILY: Calibri"><span style="FONT-SIZE: 9pt"><span style="FONT-SIZE: 8pt">Diese E-Mail enthält kein Anerkenntnis, dass es sich beim Inhalt dieser E-Mail um eine rechtsverbindliche
Erklärung der COMRAMO AG bzw. COMRAMO KID GmbH handelt. Erklärungen, welche die COMRAMO AG bzw. die COMRAMO KID GmbH verpflichten, bedürfen jeweils der Unterschrift der zeichnungsberechtigten Person der COMRAMO AG bzw. der COMRAMO KID GmbH. Die Allgemeinen
Geschäftsbedingungen der COMRAMO AG finden Sie auf www.comramo.de und können sie dort als PDF-Datei herunterladen. Bitte beachten Sie unsere Datenschutzhinweise: https://www.comramo.de/datenschutz/
</span></span></span></p>
</body>
</html>