Project

General

Profile

Actions
Copy link

Task #1749

closed

Add a permission to read a provisioning queue to "read-only all"

Added by Vladimír Kotýnek over 5 years ago. Updated over 5 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
Vladimír Kotýnek
Category:
-
Target version:
-
Start date:
07/11/2019
Due date:
% Done:

0%

Estimated time:
Owner:

Description

When I configure an evaluator with no entity type selected and select only "read" permission on a role, user with this role can't see provisioning queue and provisioning archive. Also events cannot be seen.

Please add these permissions.

Files

evaluator.png (18.5 KB) evaluator.png Vladimír Kotýnek, 07/11/2019 10:02 AM

Related issues

Is duplicate of IdStory Identity Manager - Task #1367: Entity event queue - add base permissionsClosedRadek Tomiška11/08/2018

Actions
Actions
Copy link
 #1

Updated by Radek Tomiška over 5 years ago

  • Assignee changed from Radek Tomiška to Vladimír Kotýnek
  • Target version deleted (Rhyolite (9.7.3))

Are you sure provisioning queue and provisioning archive is not available for read? I test it on current version (develop 9.7.0) ant it works correctly.

Authorities are not supported for entity event agenda - see #1367. This ticket is duplicate.

Actions
Copy link
 #2

Updated by Vladimír Kotýnek over 5 years ago

I've tested it yesterday on 9.6.5 right after upgrade (after re-login, refresh atc.). To show privisioning agendas I had to add a new evaluator with this permission. This config didn't work for me. The role already existed with this configuration in the time of the upgrade.

If it was known for 9.6.5 and was already fixed in 9.7 than it's OK and you can close this issue.

Actions
Copy link
 #4

Updated by Radek Tomiška over 5 years ago

Permisions to read provisioning queue and archive were added in 9.6.1 version (see release notes https://github.com/bcvsolutions/CzechIdMng/releases/tag/9.6.1).

Could you please check this in you environment again? Otherwise is not reproducible.

Actions
Copy link
 #5

Updated by Vladimír Kotýnek over 5 years ago

  • Status changed from New to Rejected

The problem was caused by the fact that with an active SSO when you once have an active session stored, you won't initiate a new one even if you click on "log out" button. This is a feature of SSO implementation.

The situation described in this ticket happened after an upgrade from 9.2.x to 9.6.5. The role already existed in IDM and the user was logged in before the upgrade.

Actions
Copy link
 #6

Updated by Radek Tomiška over 5 years ago

  • Is duplicate of Task #1367: Entity event queue - add base permissions added
Actions
Copy link

Also available in: Atom PDF