<div style="font-family:Arial, Helvetica, sans-serif; font-size:12px; color:#00000">Hello,<br>
<br>
I get this error message when I try to import a new role containing authorizations (linked to the organization of the user).<br>
The goal is to create an organizational manager role that has the right to manage (CRUD) identities in the organizations he manages.<br>
Do you have an idea of the issue?<br>
<br>
Thanks<br>
<br>
<br>
midPoint version: 4.8<br>
<br>
<role oid="b613c706-3889-11e6-b175-d78cc67d7066"><br>
        <name>ADMIN - Organizational Manager</name><br>
        <description>Allows full identity administration for organizations where the user is a manager.</description><br>
        <authorization><br>
            <name>gui-access</name><br>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#usersAll</action><br>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgAll</action><br>
        </authorization><br>
        <authorization><br>
            <name>autz-read</name><br>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action><br>
            <object><br>
                <orgRelation><br>
                    <subjectRelation>org:manager</subjectRelation><br>
                    <scope>allDescendants</scope><br>
                    <includeReferenceOrg>true</includeReferenceOrg><br>
                </orgRelation><br>
            </object><br>
        </authorization><br>
        <authorization><br>
            <name>autz-write</name><br>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action><br>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add</action><br>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete</action><br>
            <object><br>
                <orgRelation><br>
                    <subjectRelation>org:manager</subjectRelation><br>
                </orgRelation><br>
            </object><br>
        </authorization><br>
        <authorization><br>
            <name>autz-shadow</name><br>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action><br>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action><br>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add</action><br>
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete</action><br>
            <object><br>
                <type>ShadowType</type><br>
                <owner><br>
                    <orgRelation><br>
                        <subjectRelation>org:manager</subjectRelation><br>
                    </orgRelation><br>
                </owner><br>
            </object><br>
        </authorization><br>
        <subtype>application</subtype><br>
</role><br>
<br>
 </div>