<div style="font-family:Arial, Helvetica, sans-serif; font-size:12px; color:#00000">Yes, it helps !<br>
It was the issue and I got the point about the namespace<br>
Thanks</div>
<div class="gl_quote" style="margin-top: 20px; padding-top: 5px;">De : "Drew Roberts"<br>
A : philippebriffod@laposte.net,"midPoint General Discussion"<br>
Envoyé: mercredi 29 Novembre 2023 17:42<br>
Objet : Re: [External] [midPoint] ERROR "Undeclared namespace prefix 'org' in 'org:manager'" when importing a new role<br>
<div class="gl_quoted">
<div dir="ltr">
<div>Oops, forgot to end the OID with a quote. Correct code example would be:</div>
<div> </div>
<div><role oid="b613c706-3889-11e6-b175-d78cc67d7066" xmlns:org="<a href="http://midpoint.evolveum.com/xml/ns/public/common/org-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/org-3</a>"></div>
<div> </div>
<div>Peace be with you.</div>
</div>
<div class="gmail_quote">
<div class="gmail_attr" dir="ltr">On Wed, Nov 29, 2023 at 8:40 AM Drew Roberts <<a href="mailto:aroberts@apu.edu">aroberts@apu.edu</a>> wrote:</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div>Hey Philippe,</div>
<div> </div>
<div>When you declare a namespace you need to have something that tells the system where the namespace is. Since you have something like org:maanger you need to declare what the org namespace is. You could add it to your first bit of code. Example:</div>
<div> </div>
<div><role oid="b613c706-3889-11e6-b175-d78cc67d7066 xmlns:org="<a href="http://midpoint.evolveum.com/xml/ns/public/common/org-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/org-3</a>"></div>
<div> </div>
<div>Hope that helps!</div>
</div>
<div class="gmail_quote">
<div class="gmail_attr" dir="ltr">On Wed, Nov 29, 2023 at 7:49 AM Philippe via midPoint <<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>> wrote:</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div style="font-family:Arial,Helvetica,sans-serif;font-size:12px">Hello,<br>
<br>
I get this error message when I try to import a new role containing authorization (linked to the organization of the user)<br>
the goal is to create an organizational manager role having the right to manage (CRUD) identities in the organizations he manages<br>
Do you have an idea of the issue ?<br>
<br>
Thanks<br>
<br>
<br>
Midpoint version : 4.8<br>
<br>
<role oid="b613c706-3889-11e6-b175-d78cc67d7066"><br>
<name>ADMIN - Organizational Manager</name><br>
<description>Allows full identity administration for organizations where the user is a manager.</description><br>
<authorization><br>
<name>gui-access</name><br>
<action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#usersAll" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#usersAll</a></action><br>
<action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgAll" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#orgAll</a></action><br>
</authorization><br>
<authorization><br>
<name>autz-read</name><br>
<action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</a></action><br>
<object><br>
<orgRelation><br>
<subjectRelation>org:manager</subjectRelation><br>
<scope>allDescendants</scope><br>
<includeReferenceOrg>true</includeReferenceOrg><br>
</orgRelation><br>
</object><br>
</authorization><br>
<authorization><br>
<name>autz-write</name><br>
<action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</a></action><br>
<action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add</a></action><br>
<action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete</a></action><br>
<object><br>
<orgRelation><br>
<subjectRelation>org:manager</subjectRelation><br>
</orgRelation><br>
</object><br>
</authorization><br>
<authorization><br>
<name>autz-shadow</name><br>
<action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</a></action><br>
<action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</a></action><br>
<action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add</a></action><br>
<action><a href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete" target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete</a></action><br>
<object><br>
<type>ShadowType</type><br>
<owner><br>
<orgRelation><br>
<subjectRelation>org:manager</subjectRelation><br>
</orgRelation><br>
</owner><br>
</object><br>
</authorization><br>
<subtype>application</subtype><br>
</role><br>
<br>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a></blockquote>
</div>
<br clear="all">
<br>
<span class="gmail_signature_prefix">-- </span>
<div class="gmail_signature" dir="ltr">
<div dir="ltr">
<div style="font-family:sans-serif;font-size:12px;line-height:1.5em"><strong style="font-weight:bold">Drew Roberts</strong> | <strong style="font-weight:bold">Systems Administrator II</strong><br>
IT Platform Engineering, Azusa Pacific University<br>
<a href="https://apu.edu" target="_blank">apu.edu</a><br>
<br>
<img alt="APU logo" src="https://www.apu.edu/static/src/sites/strategic-communication-engagement/images/apu_125_logo.png" style="width: 210px;"></div>
</div>
</div>
</blockquote>
</div>
<br clear="all">
<br>
<span class="gmail_signature_prefix">-- </span>
<div class="gmail_signature" dir="ltr">
<div dir="ltr">
<div style="font-family:sans-serif;font-size:12px;line-height:1.5em"><strong style="font-weight:bold">Drew Roberts</strong> | <strong style="font-weight:bold">Systems Administrator II</strong><br>
IT Platform Engineering, Azusa Pacific University<br>
<a href="https://apu.edu" target="_blank">apu.edu</a><br>
<br>
<img alt="APU logo" src="https://www.apu.edu/static/src/sites/strategic-communication-engagement/images/apu_125_logo.png" style="width: 210px;"></div>
</div>
</div>
</div>
</div>