Assignee and Candidate Assignee Clause

Last modified 22 Aug 2023 19:13 +02:00

It selects objects (cases, work items) that have an assignee which is specified by inner object selector.

An example:

Listing 1. An authorization allowing reading any case in which the subject is an assignee

The following behavior applies to midPoint 4.8.

Table 1. Supported object types
Object type What are the assignees?


All assigneeRef values from all workItem values.


All assigneeRef values from all workItem values.

AbstractWorkItemType (work items for both types of cases)

All assigneeRef values.


During evaluation of this clause, the self clause in the inner selector has an interpretation that slightly differs from the usual one: Instead of matching the principal object only, it matches all of its deputies relevant for given area (i.e., case management or access certification). So, if ann is a deputy of jack with the rights in the area of case management, and a case C has a work item assigned to jack, and ann has the authorization depicted in Listing 1, then she can read the case C exactly as jack can.


  1. When searching, only self selector is supported.

Candidate Assignee

Since 4.8
This functionality is available since version 4.8.

In a similar way, candidate assignees can be authorized regarding cases, certification cases, and their work items. The candidateRef item is taken into account instead of assigneeRef.

Was this page helpful?
Thanks for your feedback