<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Roboto;
panose-1:2 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="FR-CH" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Hello Yakov,
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Thank you very much for your help.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Unfortunately, the roles with the requestable attribute set to true are still visible even with your suggestion.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">I am still looking at the documentation.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Best regards<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Sébastien Marbrier<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Yakov Revyakin <yrevyakin@gmail.com>
<br>
<b>Sent:</b> mardi, 16 mai 2023 10:05<br>
<b>To:</b> midPoint General Discussion <midpoint@lists.evolveum.com><br>
<b>Cc:</b> Sébastien MARBRIER <smarbrier@positivethinking.tech><br>
<b>Subject:</b> Re: [midPoint] Hide unwanted roles in the user role assignment tab.<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">I was looking for an answer how to limit roles list a post before. You can find explanation in the topic "Authorization role to allow read own managers"<o:p></o:p></p>
<div>
<p class="MsoNormal">Main mistake is using "#read" authorization which means "#get" + "#search".<br>
To limit a list you need to use "#search" for RoleType I think. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Mon, 15 May 2023 at 18:35, Sébastien MARBRIER via midPoint <<a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Dear Community</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">I have a role to assign and unassign a few roles to users.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">I did it this way to list the allowed roles:</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"><authorization id="41"></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#get" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#get</a></action></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</a></action></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <object id="31"></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <type>ObjectCollectionType</type></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <filter></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <q:inOid></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <q:value>oidValue</q:value></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </q:inOid></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </filter></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </object></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </authorization></span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">And so on.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Then, when the “manager” clicks on a user to add a role, the desired roles are available and it can perform the assign/unassign operation.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">The issue is that requestable roles are also listed even if the assign/unassign operation cannot be performed.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">In order to have a clean view, how the unwanted roles can be hidden ?</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">I also have another issue, the Preview Changes button does not work for my user manager, do you know a way either to give the permission or simply to hide this
button from the GUI ?</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">My midpoint version is a 4.0.1</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Best regards,</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td width="188" style="width:141.0pt;border:none;border-right:solid #FF1738 2.25pt;padding:0cm 7.5pt 0cm 0cm">
<p class="MsoNormal" align="right" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:right">
<a href="https://www.positivethinking.tech/" target="_blank"><span style="text-decoration:none"><img border="0" width="170" height="79" style="width:1.7708in;height:.8229in" id="m_9143393983227686221_x005f_x0000_i1030" src="cid:image001.png@01D987E3.53E283A0" alt="logo"></span></a><o:p></o:p></p>
</td>
<td width="10" style="width:7.5pt;padding:0cm 0cm 0cm 0cm">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</td>
<td width="497" valign="top" style="width:372.75pt;padding:0cm 0cm 0cm 0cm">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#FF0044">Sébastien Marbrier</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#FF0044">
</span><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#777777"> | Senior IT Consultant<br>
</span><span style="font-size:9.0pt;font-family:"Tahoma",sans-serif;color:#777777"><a href="mailto:smarbrier@positivethinking.tech" target="_blank"><span lang="EN-US" style="color:#FF0044">smarbrier@positivethinking.tech</span></a>
</span><span lang="EN-US" style="font-size:5.0pt;font-family:"Tahoma",sans-serif;color:#777777"><br>
</span><span lang="EN-US" style="font-size:9.0pt;font-family:"Tahoma",sans-serif;color:#777777"><br>
Tel. </span><span style="font-size:9.0pt;font-family:"Tahoma",sans-serif;color:#777777"><a href="tel:+41%2021%20601%2081%2000" target="_blank"><span style="color:#777777;text-decoration:none">+41 21 601 81 00</span></a>
</span><span style="font-size:5.0pt;font-family:"Tahoma",sans-serif;color:#777777"><br>
</span><o:p></o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td style="padding:0cm 0cm 0cm 0cm">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><a href="https://teams.microsoft.com/l/chat/0/0?users=smarbrier@positivethinking.tech" target="_blank"><span style="text-decoration:none"><img border="0" width="20" height="20" style="width:.2083in;height:.2083in" id="m_9143393983227686221_x005f_x0000_i1029" src="cid:image002.png@01D987E3.53E283A0" alt="Teams chat"></span></a><o:p></o:p></p>
</td>
<td style="padding:0cm 0cm 0cm 0cm">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><a href="https://teams.microsoft.com/l/chat/0/0?users=smarbrier@positivethinking.tech" target="_blank"><span style="font-size:9.0pt;font-family:"Tahoma",sans-serif;color:#777777;text-decoration:none"> </span></a>
<o:p></o:p></p>
</td>
<td style="padding:0cm 0cm 0cm 0cm">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><a href="https://teams.microsoft.com/l/chat/0/0?users=smarbrier@positivethinking.tech" target="_blank"><span lang="EN-US" style="font-size:9.0pt;font-family:"Tahoma",sans-serif;color:#777777">Chat
with me on Teams</span></a> <o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="font-size:1.0pt;font-family:"Tahoma",sans-serif;color:#777777"><br>
</span><o:p></o:p></p>
</td>
</tr>
<tr>
<td style="border:none;border-right:solid #FF1738 2.25pt;padding:0cm 7.5pt 0cm 0cm">
<p class="MsoNormal" align="right" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:right">
<span lang="EN-US"><br>
</span><a href="https://www.linkedin.com/company/the-positive-thinking-company/" target="_blank"><span style="text-decoration:none"><img border="0" width="20" height="20" style="width:.2083in;height:.2083in" id="m_9143393983227686221_x005f_x0000_i1028" src="cid:image003.png@01D987E3.53E283A0"></span></a>
<a href="https://www.instagram.com/positivethinkingcompany/" target="_blank"><span style="text-decoration:none"><img border="0" width="20" height="20" style="width:.2083in;height:.2083in" id="m_9143393983227686221_x005f_x0000_i1027" src="cid:image004.png@01D987E3.53E283A0"></span></a>
<a href="https://twitter.com/PTC_Tech" target="_blank"><span style="text-decoration:none"><img border="0" width="20" height="20" style="width:.2083in;height:.2083in" id="m_9143393983227686221_x005f_x0000_i1026" src="cid:image005.png@01D987E3.53E283A0"></span></a>
<a href="https://youtube.com/channel/UCfaImWa6r0IoZoUYLhbiF7w" target="_blank"><span style="text-decoration:none"><img border="0" width="20" height="20" style="width:.2083in;height:.2083in" id="m_9143393983227686221_x005f_x0000_i1025" src="cid:image006.png@01D987E3.53E283A0"></span></a><o:p></o:p></p>
</td>
<td valign="bottom" style="padding:0cm 0cm 0cm 0cm"></td>
<td valign="bottom" style="padding:0cm 0cm 0cm 0cm">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:9.0pt;font-family:"Tahoma",sans-serif;color:#777777">Avenue d'Ouchy 4 – CH 1006 Lausanne<br>
<a href="https://www.positivethinking.tech/" target="_blank"><span style="color:#FF0044">www.positivethinking.tech</span></a>
<br>
</span><span style="font-size:3.5pt;font-family:"Tahoma",sans-serif;color:#777777"> </span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="2" width="100%" align="center">
</div>
<p class="MsoNormal"><em><span style="font-size:6.0pt;font-family:Roboto;color:#777777">Collaboration Betters the World and its subsidiaries and brands (Positive Thinking Company, Versett, AlisPharm, Otofacto, OneAston and SteepConsult) put security at a high
priority in its conduct of business. Therefore, we have put our best efforts into ensuring that this email and its attached documents are error and virus-free. Nonetheless, full security of emails/documents cannot be ensured. Therefore, the recipient is responsible
for checking the email/documents for threats with its own security measures, prior to opening it. Collaboration Betters the World does not accept liability for any damage inflicted by using the content of this email/documents. If you are not the intended recipient,
please notify the sender and delete this email/document.</span></em> <o:p></o:p></p>
</div>
<p class="MsoNormal">_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a><o:p></o:p></p>
</div>
</blockquote>
</div>
</div>
<p></p>
<hr>
<span style="font-size:8px"><em><span style="font-family:Roboto,Arial"><span style="color:#777777">Collaboration Betters the World and its subsidiaries and brands (Positive Thinking Company, Versett, AlisPharm, Otofacto, OneAston and SteepConsult) put security
at a high priority in its conduct of business. Therefore, we have put our best efforts into ensuring that this email and its attached documents are error and virus-free. Nonetheless, full security of emails/documents cannot be ensured. Therefore, the recipient
is responsible for checking the email/documents for threats with its own security measures, prior to opening it. Collaboration Betters the World does not accept liability for any damage inflicted by using the content of this email/documents. If you are not
the intended recipient, please notify the sender and delete this email/document.</span></span></em></span>
<p></p>
</body>
</html>