From 1961d1500e76497b897e2c2dd7ec0027830b4cae Mon Sep 17 00:00:00 2001
From: Radovan Semancik <radovan.semancik@evolveum.com>
Date: Mon, 5 Sep 2016 10:18:12 +0200
Subject: [PATCH] Initial objects for the release

---
 config/initial-objects/040-role-enduser.xml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/config/initial-objects/040-role-enduser.xml b/config/initial-objects/040-role-enduser.xml
index 1976c4b67b6..74751a64b26 100644
--- a/config/initial-objects/040-role-enduser.xml
+++ b/config/initial-objects/040-role-enduser.xml
@@ -122,12 +122,14 @@
     	<item>roleMembershipRef</item>
     </authorization>
     <authorization>
-    	<name>self-shadow-execution-modify</name>
+    	<name>self-shadow-execution-add-modify-delete</name>
     	<description>
-    		Authorization that allows to self-modification of some properties on user's accounts, but only in execution phase. 
-    		The limitation real limitation of these operations is done in the request phase.
+    		Authorization that allows to self-modification of user's accounts, but only in execution phase.
+    		The real limitation of these operations is done in the request phase.
     	</description>
+		<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#add</action>
     	<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#modify</action>
+    	<action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#delete</action>
     	<phase>execution</phase>
     	<object>
     		<type>ShadowType</type>
@@ -135,7 +137,6 @@
     			<special>self</special>
     		</owner>
     	</object>
-    	<item>credentials</item>
     </authorization>
     <authorization>
     	<name>assignment-target-read</name>