Hi Maria,

Your problem is related to the entitlements REALM_DELETE, REALM_UPDATE and REALM_CREATE. If you want to enable realm read/editing, you also need to add other entitlements; otherwise, remove those three entitlements.
This set for example should work:

RESOURCE_READ, RELATIONSHIPTYPE_READ, IMPLEMENTATION_READ, REMEDIATION_LIST, TASK_LIST, RELATIONSHIPTYPE_LIST, IMPLEMENTATION_LIST, USER_CREATE, GROUP_SEARCH, RESOURCE_LIST, ANYTYPE_READ, USER_SEARCH, ACCESS_TOKEN_LIST, CONFIGURATION_LIST, ANYTYPECLASS_READ, ROLE_LIST, ANYTYPECLASS_LIST, USER_READ, ROLE_READ, REALM_DELETE, SCHEMA_LIST, USER_DELETE, REALM_UPDATE, SECURITY_QUESTION_READ, REALM_CREATE, ANYTYPE_LIST, USER_UPDATE, POLICY_READ, GROUP_READ, POLICY_LIST, REALM_LIST, TASK_READ, DOMAIN_READ, DYNREALM_READ

Best regards,
Andrea

On 10/09/2018 12:03, Maria Barth wrote:

Hello,

I am evaluating Syncope as a possible IDM system for integration into a new product.

One of the requirements is to have an administrator role that allows performing all actions on all realms, users, groups and roles, and that is able to view access tokens.

I have configured a role as follows:

"entitlements": [
    "ACCESS_TOKEN_LIST",
    "ANYTYPE_LIST",
    "ANYTYPE_READ",
    "ANYTYPECLASS_LIST",
    "ANYTYPECLASS_READ",
    "DOMAIN_READ",
    "GROUP_DELETE",
    "GROUP_UPDATE",
    "GROUP_CREATE",
    "GROUP_LIST",
    "GROUP_READ",
    "GROUP_SEARCH",
    "MEMBERSHIP_DELETE",
    "MEMBERSHIP_UPDATE",
    "MEMBERSHIP_CREATE",
    "MEMBERSHIP_LIST",
    "MEMBERSHIP_READ",
    "POLICY_READ",
    "REALM_LIST",
    "REALM_CREATE",
    "REALM_DELETE",
    "REALM_UPDATE",
    "RELATIONSHIPTYPE_LIST",
    "RELATIONSHIPTYPE_READ",
    "RESOURCE_LIST",
    "RESOURCE_READ",
    "ROLE_DELETE",
    "ROLE_UPDATE",
    "ROLE_CREATE",
    "ROLE_LIST",
    "ROLE_READ",
    "USER_SEARCH",
    "USER_DELETE",
    "USER_CREATE",
    "USER_UPDATE",
    "USER_READ"
],
"realms": ["/"],

It seems I am still missing some entitlements, because the user needs to log in again as soon as he hits:

- the "Realms" item on the left
- the "Details" tab after hitting "Dashboard" – "Users" (see the attachment)
- one of the leaves of the realm tree in the right corner after hitting "Dashboard" – "Users".

Thank you and regards,

Maria Barth


Our latest promotions around our products can be found at: http://www.cad-schroer.de/emailaction/
------------------------------------------------------------------------------
CAD Schroer GmbH, Fritz-Peters-Strasse 11, D - 47447 Moers
Managing directors: Michael Schroer, Thomas Schubert. Amtsgericht Kleve HRB 5339
Tel.: +49 2841-9184-0 Fax: +49 2841-9184-44
------------------------------------------------------------------------------
Website: http://www.cad-schroer.de

--
Dott. Andrea Patricelli
Tel. +39 3204524292

Developer @ Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net

Apache Syncope PMC Member
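As an added example (not code from this thread, nor from Apache Syncope itself), the Python script below compares the entitlement list Maria posted with the set Andrea says should work: it reports what Maria's role lacks, what it carries that the working set does not, and which companions the three REALM_* write entitlements still need under Andrea's rule. It then builds the union of both lists as a RoleTO-style body and can PUT it to a Syncope instance. The REST path /syncope/rest/roles/{key}, the RoleTO field names key/entitlements/realms, the role key "realm-admin" and the localhost admin credentials are assumptions, not facts stated in the thread; whether the merged superset keeps the console happy has to be verified on a test instance.

```python
"""Added example, not from the thread or from Apache Syncope: diff a role's
entitlement set against the one Andrea posted as working, then build the
RoleTO update that applies the result."""
import base64
import json
import urllib.request

# Entitlement set Andrea posted as working (copied from the reply above).
WORKING_ENTITLEMENTS = frozenset("""
    RESOURCE_READ RELATIONSHIPTYPE_READ IMPLEMENTATION_READ REMEDIATION_LIST
    TASK_LIST RELATIONSHIPTYPE_LIST IMPLEMENTATION_LIST USER_CREATE GROUP_SEARCH
    RESOURCE_LIST ANYTYPE_READ USER_SEARCH ACCESS_TOKEN_LIST CONFIGURATION_LIST
    ANYTYPECLASS_READ ROLE_LIST ANYTYPECLASS_LIST USER_READ ROLE_READ REALM_DELETE
    SCHEMA_LIST USER_DELETE REALM_UPDATE SECURITY_QUESTION_READ REALM_CREATE
    ANYTYPE_LIST USER_UPDATE POLICY_READ GROUP_READ POLICY_LIST REALM_LIST
    TASK_READ DOMAIN_READ DYNREALM_READ
""".split())

# Entitlement set from Maria's role definition (copied from the quoted message).
MARIA_ENTITLEMENTS = frozenset("""
    ACCESS_TOKEN_LIST ANYTYPE_LIST ANYTYPE_READ ANYTYPECLASS_LIST ANYTYPECLASS_READ
    DOMAIN_READ GROUP_DELETE GROUP_UPDATE GROUP_CREATE GROUP_LIST GROUP_READ
    GROUP_SEARCH MEMBERSHIP_DELETE MEMBERSHIP_UPDATE MEMBERSHIP_CREATE
    MEMBERSHIP_LIST MEMBERSHIP_READ POLICY_READ REALM_LIST REALM_CREATE
    REALM_DELETE REALM_UPDATE RELATIONSHIPTYPE_LIST RELATIONSHIPTYPE_READ
    RESOURCE_LIST RESOURCE_READ ROLE_DELETE ROLE_UPDATE ROLE_CREATE ROLE_LIST
    ROLE_READ USER_SEARCH USER_DELETE USER_CREATE USER_UPDATE USER_READ
""".split())

# The three entitlements Andrea singles out.
REALM_WRITE = frozenset({"REALM_CREATE", "REALM_UPDATE", "REALM_DELETE"})


def entitlement_diff(configured, working):
    """Return (missing, extra): what `configured` lacks relative to `working`,
    and what it carries that `working` does not. Both lists are sorted."""
    configured, working = frozenset(configured), frozenset(working)
    return sorted(working - configured), sorted(configured - working)


def realm_write_companions_missing(configured, working):
    """Andrea's rule: REALM_CREATE/UPDATE/DELETE only work together with the
    rest of the working set. Return the companions still missing, or an
    empty list if the role carries no REALM_* write entitlement at all (in
    which case there is nothing to complete)."""
    configured = frozenset(configured)
    if not configured & REALM_WRITE:
        return []
    return sorted(frozenset(working) - REALM_WRITE - configured)


def merged_entitlements(configured, working):
    """Union of both sets: keeps the role's own write entitlements (groups,
    memberships, roles) and adds everything the working set has."""
    return sorted(frozenset(configured) | frozenset(working))


def build_role_update(key, entitlements, realms=("/",)):
    """RoleTO body for PUT /syncope/rest/roles/{key}. Assumption: the field
    names key/entitlements/realms used by Syncope 2.x RoleTO."""
    return {"key": key, "entitlements": sorted(set(entitlements)),
            "realms": list(realms)}


def put_role(base_url, user, password, role):
    """Apply the update over REST with HTTP basic auth. Assumptions: the
    default /syncope/rest base path and an account allowed to update roles.
    Network side effect; returns the HTTP status code."""
    body = json.dumps(role).encode()
    req = urllib.request.Request(f"{base_url}/roles/{role['key']}",
                                 data=body, method="PUT")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    req.add_header("Content-Type", "application/json")
    req.add_header("Accept", "application/json")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    missing, extra = entitlement_diff(MARIA_ENTITLEMENTS, WORKING_ENTITLEMENTS)
    print("missing from Maria's role:", missing)
    print("in Maria's role but not in the working set:", extra)
    print("companions REALM_* still needs:",
          realm_write_companions_missing(MARIA_ENTITLEMENTS, WORKING_ENTITLEMENTS))
    role = build_role_update(
        "realm-admin", merged_entitlements(MARIA_ENTITLEMENTS, WORKING_ENTITLEMENTS))
    print(json.dumps(role, indent=2))
    # Uncomment against a test instance (hypothetical host and credentials):
    # print(put_role("http://localhost:9080/syncope/rest", "admin", "password", role))
```

Run it with no arguments to see the diff; the PUT stays commented out so nothing changes until you point it at a test instance. Review the merged list before applying it: it is a superset of both lists and carries every write entitlement Maria asked for, which is a lot of authority to hand to a single role, so keep the realm restriction ("/" or a narrower subtree) deliberate.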
