<div dir="ltr">It looks like this approach doesn't work for tasks. If I comment #tasks and leave #tasksView I can't see Server Task menu as well as access task collection "organization-tasks" via link<br><a href="https://midpoint.dev.e.gov.ua/midpoint/admin/tasks&collectionName=organization-tasks">https://midpoint.host/midpoint/admin/tasks&collectionName=organization-tasks</a><br>getting <br>TRACE (com.evolveum.midpoint.security.api.SecurityUtil): Denied access to filter invocation [GET /admin/tasks?collectionName=organization-tasks] by <a href="mailto:someone@mon.dev">someone@mon.dev</a> : Not authorized; one of the following authorization actions is required: [<a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#tasksAll">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#tasksAll</a>, <a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#tasks">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#tasks</a>, <a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#all">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#all</a>]<br>From my point of view this looks like a bug.
I use 4.4.3. <div><br>Is there any workaround?<br> </div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 25 Apr 2023 at 18:05, Yakov Revyakin <<a href="mailto:yrevyakin@gmail.com">yrevyakin@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi Ivan,<br><div>Thank you so much!</div><div>It works</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 25 Apr 2023 at 12:34, Ivan Noris via midPoint <<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>Hi Yakov,</p>
<p>to hide All resources menu item, omit #resources authorization
and keep only #resourcesView.</p>
<p>Best regards,</p>
<p>Ivan<br>
</p>
<div>On 24. 4. 2023 19:09, Yakov Revyakin
via midPoint wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I don't know how, but my configuration above
started working magically. <br>
Still interesting how to hide standard menu items:
<div>All resources for Resource</div>
<div>All tasks & predefined objectcollectionviews for well
known task types in Server Tasks.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Mon, 24 Apr 2023 at 18:08,
Yakov Revyakin <<a href="mailto:yrevyakin@gmail.com" target="_blank">yrevyakin@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div>
<div id="m_586363949683375365m_715216252786924937m_-5338050684335220697gmail-:3sd">
<div id="m_586363949683375365m_715216252786924937m_-5338050684335220697gmail-:3qr" aria-label="Message Body" role="textbox" aria-multiline="true" style="direction:ltr;min-height:445px" aria-controls=":4rj">Hi all,<br>
<div>I need to customize LeftMenuPanel via a custom
user role.</div>
<div>For example, using UI authorizations I can enable
the "Resources" menu and the "All Resources" item
inside.</div>
<div>I'd like to add another objectCollectionView for
ResourceType named "Active Resources".</div>
<div>I do something like this in my custom role
assigned to appropriate user:</div>
<div>
<pre style="background-color:rgb(43,43,43);color:rgb(169,183,198);font-family:"JetBrains Mono",monospace;font-size:9.8pt"><pre style="font-family:"JetBrains Mono",monospace;font-size:9.8pt"><span style="color:rgb(232,191,106)"><authorization>
</span><span style="color:rgb(232,191,106)"> <action></span><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resources" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resources</a><span style="color:rgb(232,191,106)"></action>
</span><span style="color:rgb(232,191,106)"> <action></span><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourcesView" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourcesView</a><span style="color:rgb(232,191,106)"></action>
</span><span style="color:rgb(232,191,106)"></authorization>
</span></pre><pre style="font-family:"JetBrains Mono",monospace;font-size:9.8pt"><span style="color:rgb(232,191,106)"><authorization>
</span><span style="color:rgb(232,191,106)"> <action></span><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</a><span style="color:rgb(232,191,106)"></action>
</span><span style="color:rgb(232,191,106)"> <action></span><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#discoverConnectors" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#discoverConnectors</a><span style="color:rgb(232,191,106)"></action>
</span><span style="color:rgb(232,191,106)"> <object>
</span><span style="color:rgb(232,191,106)"> <type></span>ResourceType<span style="color:rgb(232,191,106)"></type>
</span><span style="color:rgb(232,191,106)"> </object>
</span><span style="color:rgb(232,191,106)"></authorization></span></pre><pre style="font-family:"JetBrains Mono",monospace;font-size:9.8pt"><span style="color:rgb(232,191,106)"><adminGuiConfiguration>
</span><span style="color:rgb(232,191,106)"> <objectCollectionViews>
</span><span style="color:rgb(232,191,106)"> <objectCollectionView>
</span><span style="color:rgb(232,191,106)"> <identifier></span>resource-up<span style="color:rgb(232,191,106)"></identifier>
</span><span style="color:rgb(232,191,106)"> <display>
</span><span style="color:rgb(232,191,106)"> <pluralLabel></span>Active Resources<span style="color:rgb(232,191,106)"></pluralLabel>
</span><span style="color:rgb(232,191,106)"> </display>
</span><span style="color:rgb(232,191,106)"> <visibility></span>visible<span style="color:rgb(232,191,106)"></visibility>
</span><span style="color:rgb(232,191,106)"> <applicableForOperation></span>modify<span style="color:rgb(232,191,106)"></applicableForOperation>
</span><span style="color:rgb(232,191,106)"> <type></span>ResourceType<span style="color:rgb(232,191,106)"></type>
</span><span style="color:rgb(232,191,106)"> <collection>
</span><span style="color:rgb(232,191,106)"> <collectionRef </span><span style="color:rgb(186,186,186)">oid</span><span style="color:rgb(106,135,89)">="00000000-0000-0000-0001-000000000003" </span><span style="color:rgb(186,186,186)">type</span><span style="color:rgb(106,135,89)">="c:ObjectCollectionType"</span><span style="color:rgb(232,191,106)">/>
</span><span style="color:rgb(232,191,106)"> </collection>
</span><span style="color:rgb(232,191,106)"> </objectCollectionView></span><span style="color:rgb(232,191,106)">
</span><span style="color:rgb(232,191,106)"> <enableExperimentalFeatures></span>true<span style="color:rgb(232,191,106)"></enableExperimentalFeatures>
</span><span style="color:rgb(232,191,106)"></adminGuiConfiguration></span></pre></pre>
</div>
</div>
</div>
</div>
<div>I expect to see "Resources" and an extra item "Active
Resource" inside. But still can see only default "All
Resources".<br>
What have I missed?<br>
Is this possible to reach developing a custom role? Or
SystemConfiguration is the only place where this kind of
configuration possible? <br>
If this possible the next step is to hide "All Resources"
and leave only "Active Resources". Probably someone knows
how.<br>
Thanks,</div>
<div>Yakov <br>
<br>
<br>
</div>
<div><br>
</div>
</div>
</blockquote>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<pre cols="72">--
Ivan Noris
Expert Identity Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div>
</blockquote></div>