<div dir="ltr">I can see that tasksView authorization is not used currently. For left menu only the following 'view' authorizations are activated<br><div>usersView</div><div>orgsView</div><div>rolesView</div><div>servicesView</div><div>resourcesView</div><div>casesView</div><div><br></div><div>Interesting, what is the reason?</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 25 Apr 2023 at 18:32, Yakov Revyakin <<a href="mailto:yrevyakin@gmail.com">yrevyakin@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">It looks like this approach doesn't work for tasks. If I comment #tasks and leave #tasksView I can't see Server Task menu as well as access task collection "organization-tasks" via link<br><a href="https://midpoint.dev.e.gov.ua/midpoint/admin/tasks&collectionName=organization-tasks" target="_blank">https://midpoint.host/midpoint/admin/tasks&collectionName=organization-tasks</a><br>getting <br>TRACE (com.evolveum.midpoint.security.api.SecurityUtil): Denied access to filter invocation [GET /admin/tasks?collectionName=organization-tasks] by <a href="mailto:someone@mon.dev" target="_blank">someone@mon.dev</a> : Not authorized; one of the following authorization actions is required: [<a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#tasksAll" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#tasksAll</a>, <a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#tasks" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#tasks</a>, <a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#all" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#all</a>]<br>From my point of view this looks like a bug. 
I use 4.4.3. <div><br>Is there any workaround?<br>  </div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 25 Apr 2023 at 18:05, Yakov Revyakin <<a href="mailto:yrevyakin@gmail.com" target="_blank">yrevyakin@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi Ivan,<br><div>Thank you so much!</div><div>It works</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 25 Apr 2023 at 12:34, Ivan Noris via midPoint <<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF">
    <p>Hi Yakov,</p>
    <p>to hide All resources menu item, omit #resources authorization
      and keep only #resourcesView.</p>
    <p>Best regards,</p>
    <p>Ivan<br>
    </p>
    <div>On 24. 4. 2023 19:09, Yakov Revyakin
      via midPoint wrote:<br>
    </div>
    <blockquote type="cite">
      
      <div dir="ltr">I don't know how, but my configuration above
        started working magically. <br>
        Still interesting how to hide standard menu items:
        <div>All resources for Resource</div>
        <div>All tasks & predefined objectcollectionviews for well
          known task types in Server Tasks.</div>
      </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr" class="gmail_attr">On Mon, 24 Apr 2023 at 18:08,
          Yakov Revyakin <<a href="mailto:yrevyakin@gmail.com" target="_blank">yrevyakin@gmail.com</a>>
          wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
          <div dir="ltr">
            <div>
              <div id="m_680599591838721790m_586363949683375365m_715216252786924937m_-5338050684335220697gmail-:3sd">
                <div id="m_680599591838721790m_586363949683375365m_715216252786924937m_-5338050684335220697gmail-:3qr" aria-label="Message Body" role="textbox" aria-multiline="true" style="direction:ltr;min-height:445px" aria-controls=":4rj">Hi all,<br>
                  <div>I need to customize LeftMenuPanel via a custom
                    user role.</div>
                  <div>For example, using UI authorizations I can enable
                    the "Resources" menu and the "All Resources" item
                    inside.</div>
                  <div>I'd like to add another objectCollectionView for
                    ResourceType named "Active Resources".</div>
                  <div>I do something like this in my custom role
                    assigned to appropriate user:</div>
                  <div>
                    <pre style="background-color:rgb(43,43,43);color:rgb(169,183,198);font-family:"JetBrains Mono",monospace;font-size:9.8pt"><pre style="font-family:"JetBrains Mono",monospace;font-size:9.8pt"><span style="color:rgb(232,191,106)"><authorization>
</span><span style="color:rgb(232,191,106)">    <action></span><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resources" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resources</a><span style="color:rgb(232,191,106)"></action>
</span><span style="color:rgb(232,191,106)">    <action></span><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourcesView" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resourcesView</a><span style="color:rgb(232,191,106)"></action>
</span><span style="color:rgb(232,191,106)"></authorization>
</span></pre><pre style="font-family:"JetBrains Mono",monospace;font-size:9.8pt"><span style="color:rgb(232,191,106)"><authorization>
</span><span style="color:rgb(232,191,106)">    <action></span><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</a><span style="color:rgb(232,191,106)"></action>
</span><span style="color:rgb(232,191,106)">    <action></span><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#discoverConnectors" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#discoverConnectors</a><span style="color:rgb(232,191,106)"></action>
</span><span style="color:rgb(232,191,106)">    <object>
</span><span style="color:rgb(232,191,106)">        <type></span>ResourceType<span style="color:rgb(232,191,106)"></type>
</span><span style="color:rgb(232,191,106)">    </object>
</span><span style="color:rgb(232,191,106)"></authorization></span></pre><pre style="font-family:"JetBrains Mono",monospace;font-size:9.8pt"><span style="color:rgb(232,191,106)"><adminGuiConfiguration>
</span><span style="color:rgb(232,191,106)">    <objectCollectionViews>
</span><span style="color:rgb(232,191,106)">        <objectCollectionView>
</span><span style="color:rgb(232,191,106)">            <identifier></span>resource-up<span style="color:rgb(232,191,106)"></identifier>
</span><span style="color:rgb(232,191,106)">            <display>
</span><span style="color:rgb(232,191,106)">                <pluralLabel></span>Active Resources<span style="color:rgb(232,191,106)"></pluralLabel>
</span><span style="color:rgb(232,191,106)">            </display>
</span><span style="color:rgb(232,191,106)">            <visibility></span>visible<span style="color:rgb(232,191,106)"></visibility>
</span><span style="color:rgb(232,191,106)">            <applicableForOperation></span>modify<span style="color:rgb(232,191,106)"></applicableForOperation>
</span><span style="color:rgb(232,191,106)">            <type></span>ResourceType<span style="color:rgb(232,191,106)"></type>
</span><span style="color:rgb(232,191,106)">            <collection>
</span><span style="color:rgb(232,191,106)">                <collectionRef </span><span style="color:rgb(186,186,186)">oid</span><span style="color:rgb(106,135,89)">="00000000-0000-0000-0001-000000000003" </span><span style="color:rgb(186,186,186)">type</span><span style="color:rgb(106,135,89)">="c:ObjectCollectionType"</span><span style="color:rgb(232,191,106)">/>
</span><span style="color:rgb(232,191,106)">            </collection>
</span><span style="color:rgb(232,191,106)">        </objectCollectionView></span><span style="color:rgb(232,191,106)">
</span><span style="color:rgb(232,191,106)">    <enableExperimentalFeatures></span>true<span style="color:rgb(232,191,106)"></enableExperimentalFeatures>
</span><span style="color:rgb(232,191,106)"></adminGuiConfiguration></span></pre></pre>
                  </div>
                </div>
              </div>
            </div>
            <div>I expect to see "Resources" and an extra item "Active
              Resource" inside. But still can see only default "All
              Resources".<br>
              What have I missed?<br>
              Is this possible to reach developing a custom role? Or
              SystemConfiguration is the only place where this kind of
              configuration possible?  <br>
              If this possible the next step is to hide "All Resources"
              and leave only "Active Resources". Probably someone knows
              how.<br>
              Thanks,</div>
            <div>Yakov <br>
              <br>
              <br>
            </div>
            <div><br>
            </div>
          </div>
        </blockquote>
      </div>
      <br>
      <fieldset></fieldset>
      <pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
    </blockquote>
    <pre cols="72">-- 
Ivan Noris
Expert Identity Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre>
  </div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div>
</blockquote></div>
</blockquote></div>