MidPoint / MID-2437

Authorization role with assignment for End user role instead of inducement works strangely

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.2 (Tycho)
    • 3.2 (Tycho)
    • None
    • None

    Description

      The following role has only a GUI authorization for the Users tab and an assignment (not an inducement) for the End user role.

      If this role is assigned to a user, he can log in to midPoint and sees only his account. But why? It should have been an inducement.

      After removing the assignment, 403 Forbidden is returned when the user tries to log in.

      <role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
            xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
            oid="1326ac7b-4f14-4779-b329-f684883abff5"
            version="26">
         <name>adminUser</name>
         <description>adminUser</description>
         <inducement id="3">
            <targetRef oid="00000000-0000-0000-0000-000000000008" type="RoleType"/>
            <activation>
               <administrativeStatus>enabled</administrativeStatus>
            </activation>
         </inducement>
         <authorization id="2">
            <!-- This authorization makes the Users menu visible -->
            <!-- XXX Authorization name CHANGED for 3.2 -->
            <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#usersAll</action>
         </authorization>
      </role>
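
An added example, not part of the original report and not midPoint code: a small audit script that lists the role-to-role references in an exported role and flags those made with `<assignment>`, the variant the description says was used. The sample XML is constructed from the report, and `audit_role` and the `review` field are names assumed here.

```python
import xml.etree.ElementTree as ET

C = "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
NS = {"c": C}

# Constructed sample: the role from the report, with the End user role attached
# by <assignment> as the description states (the pasted XML shows <inducement>).
SAMPLE_ROLE = """<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      oid="1326ac7b-4f14-4779-b329-f684883abff5">
   <name>adminUser</name>
   <assignment id="3">
      <targetRef oid="00000000-0000-0000-0000-000000000008" type="RoleType"/>
   </assignment>
   <authorization id="2">
      <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#usersAll</action>
   </authorization>
</role>"""


def audit_role(xml_text):
    """Return one finding per role-to-role reference in a midPoint role export."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}role" % C:
        raise ValueError("not a midPoint <role> object")
    name = root.findtext("c:name", default="", namespaces=NS)
    findings = []
    for kind in ("assignment", "inducement"):
        for el in root.findall("c:" + kind, NS):
            ref = el.find("c:targetRef", NS)
            # type may be written as a prefixed QName, e.g. c:RoleType
            if ref is None or ref.get("type", "").split(":")[-1] != "RoleType":
                continue
            findings.append({
                "role": name,
                "kind": kind,
                "target": ref.get("oid"),
                # The report expects a role to pass another role to its
                # holders by inducement, so an assignment is flagged.
                "review": kind == "assignment",
            })
    return findings


if __name__ == "__main__":
    for f in audit_role(SAMPLE_ROLE):
        mark = "REVIEW" if f["review"] else "ok"
        print(f"{mark}: role {f['role']} -> {f['target']} via <{f['kind']}>")
```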
      

          People

            vix Ivan Noris