<div dir="ltr">I was looking for an answer on how to limit the roles list in an earlier post. You can find an explanation in the topic "Authorization role to allow read own managers".<br><div>The main mistake is using the "#read" authorization, which means "#get" + "#search".<br>To limit a list you need to use "#search" for RoleType, I think. </div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 15 May 2023 at 18:35, Sébastien MARBRIER via midPoint &lt;<a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg7719517374412425813">





<div lang="FR-CH">
<div class="m_9143393983227686221WordSection1">
<p class="MsoNormal"><span lang="EN-US">Dear Community,</span></p>
<p class="MsoNormal"><span lang="EN-US">I have a role to assign and unassign a few roles to users.</span></p>
<p class="MsoNormal"><span lang="EN-US">I did it this way to list the allowed roles:</span></p>
<p class="MsoNormal"><span lang="EN-US">    &lt;authorization id="41"&gt;</span></p>
<p class="MsoNormal"><span lang="EN-US">        &lt;action&gt;http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#get&lt;/action&gt;</span></p>
<p class="MsoNormal"><span lang="EN-US">        &lt;action&gt;http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read&lt;/action&gt;</span></p>
<p class="MsoNormal"><span lang="EN-US">        &lt;object id="31"&gt;</span></p>
<p class="MsoNormal"><span lang="EN-US">            &lt;type&gt;ObjectCollectionType&lt;/type&gt;</span></p>
<p class="MsoNormal"><span lang="EN-US">            &lt;filter&gt;</span></p>
<p class="MsoNormal"><span lang="EN-US">                &lt;q:inOid&gt;</span></p>
<p class="MsoNormal"><span lang="EN-US">                    &lt;q:value&gt;oidValue&lt;/q:value&gt;</span></p>
<p class="MsoNormal"><span lang="EN-US">                &lt;/q:inOid&gt;</span></p>
<p class="MsoNormal"><span lang="EN-US">            &lt;/filter&gt;</span></p>
<p class="MsoNormal"><span lang="EN-US">        &lt;/object&gt;</span></p>
<p class="MsoNormal"><span lang="EN-US">    &lt;/authorization&gt;</span></p>
<p class="MsoNormal"><span lang="EN-US">And so on.</span></p>
<p class="MsoNormal"><span lang="EN-US">Then, when the “manager” clicks on a user to add a role, the desired roles are available and it can perform the assign/unassign operation.</span></p>
<p class="MsoNormal"><span lang="EN-US">The issue is that requestable roles are also listed even if the assign/unassign operation cannot be performed.</span></p>
<p class="MsoNormal"><span lang="EN-US">In order to have a clean view, how can the unwanted roles be hidden?</span></p>
<p class="MsoNormal"><span lang="EN-US">I also have another issue: the Preview Changes button does not work for my user manager. Do you know a way either to give the permission or simply to hide this button from the GUI?</span></p>
<p class="MsoNormal"><span lang="EN-US">My midPoint version is 4.0.1.</span></p>
<p class="MsoNormal"><span lang="EN-US">Best regards,</span></p>
<p class="MsoNormal"><span lang="EN-US">Sébastien Marbrier | Senior IT Consultant</span></p>
</div>
</div>

_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</div></blockquote></div>
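<p>An added example, not part of the original thread and not midPoint code: a small Python audit that reads the authorization elements of a role export, applies the expansion stated in the reply ("#read" means "#get" + "#search"), and reports where search rights are granted only implicitly. The sample XML is constructed; authorization 42 and the names <code>audit</code> and <code>local</code> are hypothetical.</p>

```python
import xml.etree.ElementTree as ET
AUTHZ = "http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#"
# Expansion as stated in the reply: "#read" means "#get" + "#search".
IMPLIED = {"read": {"get", "search"}}

# Constructed sample: id 41 mirrors the question; id 42 is a hypothetical
# explicit "#search" on RoleType, following the reply's suggestion.
SAMPLE = """
<role xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3">
  <authorization id="41">
    <action>{a}get</action><action>{a}read</action>
    <object id="31"><type>ObjectCollectionType</type>
      <filter><q:inOid><q:value>oidValue</q:value></q:inOid></filter></object>
  </authorization>
  <authorization id="42">
    <action>{a}search</action>
    <object><type>RoleType</type>
      <filter><q:inOid><q:value>oidValue</q:value></q:inOid></filter></object>
  </authorization>
</role>
""".format(a=AUTHZ)

def local(tag):
    """Strip an XML namespace so exports with or without xmlns both parse."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return one finding per <authorization>, with "#read" expanded."""
    findings = []
    for auth in ET.fromstring(xml_text).iter():
        if local(auth.tag) != "authorization":
            continue
        declared, types = set(), []
        for el in auth.iter():
            text = (el.text or "").strip()
            if local(el.tag) == "action" and text.startswith(AUTHZ):
                declared.add(text[len(AUTHZ):])
            elif local(el.tag) == "type" and text:
                types.append(text)
        implied = set().union(*(IMPLIED.get(a, set()) for a in declared))
        findings.append({
            "id": auth.get("id"),
            "types": types,
            "effective": sorted((declared | implied) - set(IMPLIED)),
            "implicit_search": "search" in implied and "search" not in declared,
            "redundant": sorted(declared & implied),  # already covered by "#read"
        })
    return findings
```

Calling <code>audit(SAMPLE)</code> returns one dictionary per authorization; an entry with <code>implicit_search</code> set is one where listing rights come only from "#read".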