<div dir="ltr">Hi all,<div>I'm looking for a way to authorize a user to read their own managers.</div><div><br></div><div>In the case of a role request for self (with the built-in End-User role assigned), we can see in the UI, by clicking on the "Requesting for" button, that the users' list is limited to self.</div><div>In the metarole I have this definition: <br><br></div><div>              &lt;approverExpression&gt;<br>                &lt;script&gt;<br>                  &lt;code&gt;<br>                    return midpoint.getManagersOidsExceptUser(object)<br>                  &lt;/code&gt;<br>                &lt;/script&gt;<br>              &lt;/approverExpression&gt;</div><div>              &lt;evaluationStrategy&gt;firstDecides&lt;/evaluationStrategy&gt;<br>              &lt;outcomeIfNoApprovers&gt;reject&lt;/outcomeIfNoApprovers&gt;<br><br>If the user requests a role, getManagersOidsExceptUser() can't return managers because it is not authorized. This results in automatic rejection of the request.</div><div>If I add something like this: <br></div><div><br></div><div>  &lt;authorization&gt;<br>    &lt;action&gt;<a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</a>&lt;/action&gt;<br>    &lt;object&gt;<br>      &lt;type&gt;UserType&lt;/type&gt;<br>    &lt;/object&gt;<br>  &lt;/authorization&gt;<br></div><div><br></div><div>getManagersOidsExceptUser() returns managers correctly. But when I click on the "Requesting for" button, I can see all existing users. I still want to see only myself in the list.</div><div><br></div><div><div>How can I get the user authorized to read their own managers and, at the same time, not break the user list under the "Requesting for" button with extra users?</div><div></div></div><div><br><div>Thanks,</div></div><div>Yakov</div></div>