[MID-2437] Authorization role with assignment for End user role instead of inducement works strangely - Evolveum Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.2 (Tycho)
Fix Version/s: 3.2 (Tycho)
Component/s: None
Labels:
None

Description

The following role has only GUI authorization for Users tab, and assignment (not inducement) for End user role.

If this role is assigned to user, he can log in to midPoint, and sees only his account. But why? It should have been inducement.

After removing the assignment, 403 forbidden is returned when user tries to log in.

<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      oid="1326ac7b-4f14-4779-b329-f684883abff5"
	xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
      version="26">
   <name>adminUser</name>
   <description>adminUser</description>
   <inducement id="3">
      <targetRef oid="00000000-0000-0000-0000-000000000008" type="RoleType"/>
      <activation>
         <administrativeStatus>enabled</administrativeStatus>
      </activation>
   </inducement>
   <authorization id="2">
<!-- This authorization enables to see Users menu -->
<!-- XXX Authorization name CHANGED for 3.2 -->
      <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#usersAll</action>
   </authorization>
</role>

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

miso-role.xml
0.4 kB
14/Jul/15 2:57 PM

Activity

People

Assignee:: Ivan Noris

Reporter:: Ivan Noris

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 08/Jul/15 8:09 PM

Updated:: 09/Oct/15 2:49 PM

Resolved:: 14/Jul/15 3:45 PM