[MID-3815] Indirect relation=manager assignment of Authorization (MP only) role - Evolveum Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.6 (Comenius)
Component/s: None
Labels:
- V

Description

We have Organization that is inducing role for sub-orgs managers.

      <inducement id="2">
         <targetRef oid="role-virtuser-manager" type="c:RoleType"/>
 		<orderConstraint>
        	<c:orderMin>1</c:orderMin>
        	<c:orderMax>unbounded</c:orderMax>
            <c:relation xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3">org:manager</c:relation>
        </orderConstraint>        
      </inducement>

Role role-virtuser-manager grants inner authorization to mp, e.g. edit user. Role works perfectly when assigned directly.

In Admin GUI - user profile - Assignments - Show all assignments I can see, that induced role is assigned indirectly (see screenshot) - this is correct.

However, when logged under the user (base end-user), going to his dashboard or userprofile - Show all assignments DOES NOT show the indirect role. Also the logged user does not have the right authorization.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

screenshot-1.png
33 kB
23/Mar/17 7:32 PM
screenshot-2.png
148 kB
24/Mar/17 8:38 PM
virtIndirect.PNG
33 kB
13/Mar/17 6:31 PM

Activity

People

Assignee:: Martin Lizner

Reporter:: Martin Lizner

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 13/Mar/17 6:32 PM

Updated:: 29/Mar/17 11:44 AM

Resolved:: 25/Mar/17 8:12 AM