Hi Maria,
Your problem is related to the entitlements REALM_DELETE, REALM_UPDATE and
REALM_CREATE. If you want to enable realm reading/editing, you also need to
add other entitlements; otherwise, remove those three entitlements.
This set, for example, should work:
RESOURCE_READ, RELATIONSHIPTYPE_READ, IMPLEMENTATION_READ,
REMEDIATION_LIST, TASK_LIST, RELATIONSHIPTYPE_LIST, IMPLEMENTATION_LIST,
USER_CREATE, GROUP_SEARCH, RESOURCE_LIST, ANYTYPE_READ, USER_SEARCH,
ACCESS_TOKEN_LIST, CONFIGURATION_LIST, ANYTYPECLASS_READ, ROLE_LIST,
ANYTYPECLASS_LIST, USER_READ, ROLE_READ, REALM_DELETE, SCHEMA_LIST,
USER_DELETE, REALM_UPDATE, SECURITY_QUESTION_READ, REALM_CREATE,
ANYTYPE_LIST, USER_UPDATE, POLICY_READ, GROUP_READ, POLICY_LIST,
REALM_LIST, TASK_READ, DOMAIN_READ, DYNREALM_READ
Best regards,
Andrea
On 10/09/2018 12:03, Maria Barth wrote:
Hello,
I am evaluating Syncope as a possible IDM system for integration into a
new product.
One of the requirements is to have an administrator role that allows
performing all actions on all realms, users, groups and roles, and
viewing access tokens.
I have configured a role as follows:
"entitlements":[
"ACCESS_TOKEN_LIST",
"ANYTYPE_LIST",
"ANYTYPE_READ",
"ANYTYPECLASS_LIST",
"ANYTYPECLASS_READ",
"DOMAIN_READ",
"GROUP_DELETE",
"GROUP_UPDATE",
"GROUP_CREATE",
"GROUP_LIST",
"GROUP_READ",
"GROUP_SEARCH",
"MEMBERSHIP_DELETE",
"MEMBERSHIP_UPDATE",
"MEMBERSHIP_CREATE",
"MEMBERSHIP_LIST",
"MEMBERSHIP_READ",
"POLICY_READ",
"REALM_LIST",
"REALM_CREATE",
"REALM_DELETE",
"REALM_UPDATE",
"RELATIONSHIPTYPE_LIST",
"RELATIONSHIPTYPE_READ",
"RESOURCE_LIST",
"RESOURCE_READ",
"ROLE_DELETE",
"ROLE_UPDATE",
"ROLE_CREATE",
"ROLE_LIST",
"ROLE_READ",
"USER_SEARCH",
"USER_DELETE",
"USER_CREATE",
"USER_UPDATE",
"USER_READ" ],
"realms":["/"],
It seems I am still missing some entitlements, because the user needs
to log in again as soon as he hits
- the "Realms" item on the left
- the "Details" tab after hitting "Dashboard" – "Users" (see the
  attachment)
- one of the leaves of the realm tree in the right corner after hitting
  "Dashboard" – "Users".
Thank you and regards,
Maria Barth
--
Dott. Andrea Patricelli
Tel. +39 3204524292
Developer @ Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
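
Added example (not part of either message, and not Syncope code): a short Python comparison of the two entitlement lists quoted in this thread, grouped by entity. Both lists are copied from the messages above; the function names are hypothetical, and the script only reports how the lists differ, not which entitlements the console actually requires.

```python
# Added example: compares the two entitlement lists quoted in this thread.
from collections import defaultdict

# Role from the original question (copied from the thread).
ASKED = """ACCESS_TOKEN_LIST ANYTYPE_LIST ANYTYPE_READ ANYTYPECLASS_LIST
ANYTYPECLASS_READ DOMAIN_READ GROUP_DELETE GROUP_UPDATE GROUP_CREATE GROUP_LIST
GROUP_READ GROUP_SEARCH MEMBERSHIP_DELETE MEMBERSHIP_UPDATE MEMBERSHIP_CREATE
MEMBERSHIP_LIST MEMBERSHIP_READ POLICY_READ REALM_LIST REALM_CREATE REALM_DELETE
REALM_UPDATE RELATIONSHIPTYPE_LIST RELATIONSHIPTYPE_READ RESOURCE_LIST
RESOURCE_READ ROLE_DELETE ROLE_UPDATE ROLE_CREATE ROLE_LIST ROLE_READ
USER_SEARCH USER_DELETE USER_CREATE USER_UPDATE USER_READ""".split()

# Set suggested in the reply (copied from the thread).
SUGGESTED = """RESOURCE_READ RELATIONSHIPTYPE_READ IMPLEMENTATION_READ
REMEDIATION_LIST TASK_LIST RELATIONSHIPTYPE_LIST IMPLEMENTATION_LIST
USER_CREATE GROUP_SEARCH RESOURCE_LIST ANYTYPE_READ USER_SEARCH
ACCESS_TOKEN_LIST CONFIGURATION_LIST ANYTYPECLASS_READ ROLE_LIST
ANYTYPECLASS_LIST USER_READ ROLE_READ REALM_DELETE SCHEMA_LIST
USER_DELETE REALM_UPDATE SECURITY_QUESTION_READ REALM_CREATE
ANYTYPE_LIST USER_UPDATE POLICY_READ GROUP_READ POLICY_LIST
REALM_LIST TASK_READ DOMAIN_READ DYNREALM_READ""".split()


def split_entitlement(name):
    """Split 'SECURITY_QUESTION_READ' into ('SECURITY_QUESTION', 'READ')."""
    entity, _, action = name.rpartition("_")
    return entity, action


def by_entity(names):
    """Group entitlement names as {entity: [sorted actions]}."""
    grouped = defaultdict(set)
    for name in names:
        entity, action = split_entitlement(name)
        grouped[entity].add(action)
    return {entity: sorted(actions) for entity, actions in sorted(grouped.items())}


def compare(role, baseline):
    """Return what the role lacks versus the baseline, and what it has on top."""
    role, baseline = set(role), set(baseline)
    return {"missing": by_entity(baseline - role),
            "extra": by_entity(role - baseline)}


if __name__ == "__main__":
    for label, groups in compare(ASKED, SUGGESTED).items():
        for entity, actions in groups.items():
            print(f"{label:8} {entity}: {', '.join(actions)}")
```

The "extra" rows show that the suggested set does not contain the GROUP, MEMBERSHIP and ROLE write entitlements present in the question's role, so replacing the role's list wholesale would drop them.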