<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi Markus,</p>
<p>I think you are hitting this:</p>
<p><a class="moz-txt-link-freetext" href="https://docs.evolveum.com/midpoint/reference/support-4.8/admin-gui/admin-gui-config/#how-it-works">https://docs.evolveum.com/midpoint/reference/support-4.8/admin-gui/admin-gui-config/#how-it-works</a></p>
<p>"
If several roles specify conflicting values then the behavior is
unpredictable.
It is a responsibility of midPoint administrator to ensure the
consistency."</p>
<p>Last time I had this issue, I resorted to have two distinct
roles, one for end user and other for admin users (in my case)
conditionally induced from main end user role.</p>
<p>Best regards,</p>
<p>Ivan<br>
</p>
<div class="moz-cite-prefix">On 3. 7. 2025 9:10, Markus Calmius via
midPoint wrote:<br>
</div>
<blockquote type="cite"
cite="mid:tHgZwByR0MS45paGBHeJn_YjowwSyWDrjCZzKdoE2rUVhZN9cv65o6gdZ0R-PPn4oXjjoVdmWXnIGjiX7PbEgwc-_enWz6UvMmodpXlE6Ss=@proton.ch">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div data-start="173" data-end="176"
style="margin-top: 14px; margin-bottom: 14px;">
<p><span style="font-size: 0.875rem;">Hi,</span></p>
<p>Info: running MidPoint 4.8.5.</p>
<p>Following up on my earlier message regarding delegations: </p>
<p>I’d like to hide the <em>Delegations</em> and <em>Delegated
to Me</em> panels for all standard users, but ensure they
remain visible for users who have delegation rights.</p>
<p>Based on the documentation, I assumed this could be achieved
by setting:</p>
<pre><code><visibility>vacant</visibility>
</code></pre>
<p>in the role assigned to all users, and then overriding it
with <code><visibility>automatic</visibility></code>
or <code><visibility>visible</visibility></code>
in the role granted to users with delegation rights. However,
this doesn’t seem to have the intended effect.</p>
<p>Additional context:</p>
<ul>
<li>
<p>All users are assigned a <strong>basic access</strong>
role</p>
</li>
<li>
<p>A subset of users also receive an <strong>authorised to
approve and delegate</strong> role</p>
</li>
</ul>
<p>Currently, the <em>Delegations</em> panels are hidden for
all users—even those who have the additional delegation role.</p>
<p>Any guidance on how to resolve this would be appreciated.</p>
<p>Thanks in advance,</p>
<p>Markus</p>
</div>
<div style="font-family: Arial, sans-serif; font-size: 14px;"
class="protonmail_signature_block">
<div class="protonmail_signature_block-user"> </div>
<div
class="protonmail_signature_block-proton protonmail_signature_block-empty">
</div>
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre wrap="" class="moz-quote-pre">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="https://lists.evolveum.com/mailman/listinfo/midpoint">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Ivan Noris
Expert Identity Engineer
evolveum.com
</pre>
</body>
</html>