Uploaded image for project: 'MidPoint'
  1. MidPoint
  2. MID-3815

Indirect relation=manager assignment of Authorization (MP only) role

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.6 (Comenius)
    • Component/s: None
    • Labels:

      Description

      We have Organization that is inducing role for sub-orgs managers.

            <inducement id="2">
               <targetRef oid="role-virtuser-manager" type="c:RoleType"/>
       		<orderConstraint>
              	<c:orderMin>1</c:orderMin>
              	<c:orderMax>unbounded</c:orderMax>
                  <c:relation xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3">org:manager</c:relation>
              </orderConstraint>        
            </inducement>
      

      Role role-virtuser-manager grants inner authorization to mp, e.g. edit user. Role works perfectly when assigned directly.

      In Admin GUI - user profile - Assignments - Show all assignments I can see, that induced role is assigned indirectly (see screenshot) - this is correct.

      However, when logged under the user (base end-user), going to his dashboard or userprofile - Show all assignments DOES NOT show the indirect role. Also the logged user does not have the right authorization.

        Attachments

        1. screenshot-1.png
          screenshot-1.png
          33 kB
        2. screenshot-2.png
          screenshot-2.png
          148 kB
        3. virtIndirect.PNG
          virtIndirect.PNG
          33 kB

          Activity

            People

            Assignee:
            martin.lizner Martin Lizner
            Reporter:
            martin.lizner Martin Lizner
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: