<authorization> <name>cases-assignee-self-read</name> <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action> <object> <type>CaseType</type> <assignee> <special>self</special> </assignee> </object> </authorization>
Assignee and Candidate Assignee Clause
It selects objects (cases, work items) that have an assignee which is specified by inner object selector.
The following behavior applies to midPoint 4.8.
|Object type||What are the assignees?|
During evaluation of this clause, the
self clause in the inner selector has an interpretation that slightly differs from the usual one:
Instead of matching the principal object only, it matches all of its deputies relevant for given area (i.e., case management or access certification).
ann is a deputy of
jack with the rights in the area of case management, and a case
C has a work item assigned to
ann has the authorization depicted in Listing 1, then she can read the case
C exactly as
When searching, only
selfselector is supported.
Since 4.8This functionality is available since version 4.8.
In a similar way, candidate assignees can be authorized regarding cases, certification cases, and their work items.
candidateRef item is taken into account instead of