MidPoint / MID-2437

Authorization role with assignment for End user role instead of inducement works strangely

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.2 (Tycho)
    • Fix Version/s: 3.2 (Tycho)
    • Component/s: None
    • Labels: None

      Description

      The following role has only a GUI authorization for the Users tab, and an assignment (not an inducement) for the End user role.

      If this role is assigned to a user, he can log in to midPoint and sees only his account. But why? It should have been an inducement.

      After removing the assignment, 403 Forbidden is returned when the user tries to log in.

      <role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
            oid="1326ac7b-4f14-4779-b329-f684883abff5"
            xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
            version="26">
         <name>adminUser</name>
         <description>adminUser</description>
         <inducement id="3">
            <targetRef oid="00000000-0000-0000-0000-000000000008" type="RoleType"/>
            <activation>
               <administrativeStatus>enabled</administrativeStatus>
            </activation>
         </inducement>
         <authorization id="2">
            <!-- This authorization enables to see Users menu -->
            <!-- XXX Authorization name CHANGED for 3.2 -->
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#usersAll</action>
         </authorization>
      </role>
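
      A way to audit exported role definitions for the pattern this report describes, as an added example that is not part of the original issue or of midPoint itself: it lists a role's authorization actions and flags role references held as assignment where the report expects an inducement. The function names and the sample role (the reported role rewritten with an assignment) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"c": "http://midpoint.evolveum.com/xml/ns/public/common/common-3"}

# Constructed sample: the role from the report, with the End user role
# reference written as an assignment (the variant the description discusses).
SAMPLE_ROLE = """\
<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      oid="1326ac7b-4f14-4779-b329-f684883abff5">
   <name>adminUser</name>
   <assignment id="3">
      <targetRef oid="00000000-0000-0000-0000-000000000008" type="RoleType"/>
   </assignment>
   <authorization id="2">
      <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#usersAll</action>
   </authorization>
</role>
"""

def role_refs(role_xml):
    """Return (name, actions, assignment_oids, inducement_oids) for one role."""
    root = ET.fromstring(role_xml)

    def targets(kind):
        # Only references to other roles matter here; type may be prefixed (c:RoleType).
        return [ref.get("oid")
                for ref in root.findall(f"c:{kind}/c:targetRef", NS)
                if ref.get("type", "").endswith("RoleType")]

    actions = [(a.text or "").strip()
               for a in root.findall("c:authorization/c:action", NS)]
    name = root.findtext("c:name", namespaces=NS)
    return name, actions, targets("assignment"), targets("inducement")

def audit_role(role_xml):
    """Flag role-to-role references held as assignment instead of inducement."""
    name, actions, assigned, induced = role_refs(role_xml)
    # Assumption taken from the report: a reference meant to reach the users
    # who hold this role should be an inducement, not an assignment.
    findings = [f"{name}: role {oid} is referenced by assignment; "
                "use an inducement if holders of this role should receive it"
                for oid in assigned]
    return {"role": name, "actions": actions, "assigned": assigned,
            "induced": induced, "findings": findings}

if __name__ == "__main__":
    for line in audit_role(SAMPLE_ROLE)["findings"]:
        print(line)
```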
      

            People

            Assignee:
            vix Ivan Noris
            Reporter:
            vix Ivan Noris