diff --git a/gui/admin-gui/src/main/resources/initial-objects/000-system-configuration.xml b/gui/admin-gui/src/main/resources/initial-objects/000-system-configuration.xml
index 06b08f58cc8..bf47e85552c 100644
--- a/gui/admin-gui/src/main/resources/initial-objects/000-system-configuration.xml
+++ b/gui/admin-gui/src/main/resources/initial-objects/000-system-configuration.xml
@@ -1,708 +1,708 @@
-
-
-
- SystemConfiguration
-
-
-
-
-
-
- ERROR
- ro.isdc.wro.extensions.processor.css.Less4jProcessor
-
-
-
- OFF
- org.hibernate.engine.jdbc.spi.SqlExceptionHelper
-
-
-
- OFF
- org.hibernate.engine.jdbc.batch.internal.BatchingBatch
-
-
-
- WARN
- org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl
-
-
-
- OFF
- org.hibernate.internal.ExceptionMapperStandardImpl
-
-
-
- OFF
- net.sf.jasperreports.engine.fill.JRFillDataset
-
-
-
- WARN
- org.apache.wicket.resource.PropertiesFactory
-
-
-
- ERROR
- org.springframework.context.support.ResourceBundleMessageSource
-
-
-
- INFO
- com.evolveum.midpoint.model.impl.lens.projector.Projector
-
-
-
- INFO
- com.evolveum.midpoint.model.impl.lens.Clockwork
-
-
-
- %date [%X{subsystem}] [%thread] %level \(%logger\): %msg%n
- ${midpoint.home}/log/midpoint.log
- ${midpoint.home}/log/midpoint-%d{yyyy-MM-dd}.%i.log
- 10
- 100MB
- true
-
-
-
- %date %level: %msg%n
- ${midpoint.home}/log/midpoint-profile.log
- ${midpoint.home}/log/midpoint-profile-%d{yyyy-MM-dd}.%i.log
- 10
- 100MB
- true
-
- MIDPOINT_LOG
- INFO
-
- false
- false
-
-
-
-
- P3M
-
-
- P1M
-
-
-
-
-
- performance
- Performance tracing
- true
- true
- performance-trace %{timestamp} %{focusName} %{milliseconds}
- true
- true
-
-
- functional
- Functional tracing
- true
- functional-trace %{timestamp} %{focusName}
- true
- true
- true
-
- normal
-
-
-
- functional-model-logging
- Functional tracing (with model logging)
- true
- functional-trace %{timestamp} %{focusName}
- true
- true
- true
-
-
- com.evolveum.midpoint.model
- TRACE
-
-
-
- normal
-
-
-
- functional-sql-logging
- Functional tracing (with SQL logging)
- true
- functional-trace %{timestamp} %{focusName}
- true
- true
- true
-
-
- org.hibernate.SQL
- TRACE
-
-
-
- normal
-
-
-
-
-
-
- /self/profile
-
- View/edit your profile
-
- fa fa-user
-
- green
- http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfProfile
- http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll
-
-
- /self/credentials
-
- View/edit your credentials
-
- fa fa-shield
-
- blue
- http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfCredentials
- http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll
-
-
- /admin/users
-
-
- fa fa-users
-
- red
- http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#users
-
-
- /admin/resources
-
-
- fa fa-database
-
- purple
- http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resources
-
-
-
- my-cases
-
-
-
- My cases
- My case
-
- fe fe-case-object
-
-
- 1000
- CaseType
-
-
-
-
-
-
- manual-case-view
-
-
-
- All manual cases
- Manual case
- Manual provisioning cases
-
- 1010
- CaseType
-
-
-
-
-
-
- operation-request-case-view
-
-
-
- All requests
- Request
- Operation requests
-
- 1020
- CaseType
-
-
-
-
-
-
- approval-case-view
-
-
-
- All approvals
- Approval
- Approval cases
-
- 1030
- CaseType
-
-
-
-
-
-
- reconciliation-tasks-view
- 30
- TaskType
-
-
-
-
-
- recomputation-tasks-view
- 30
- TaskType
-
-
-
-
-
- import-tasks-view
- 30
- TaskType
-
-
-
-
-
- live-sync-tasks-view
- 30
- TaskType
-
-
-
-
-
- async-update-tasks-view
- 30
- TaskType
-
-
-
-
-
- cleanup-tasks-view
- 30
- TaskType
-
-
-
-
-
- report-tasks-view
- 30
- TaskType
-
-
-
-
-
- single-bulk-action-tasks-view
- 30
- TaskType
-
-
-
-
-
- iterative-bulk-action-tasks-view
- 30
- TaskType
-
-
-
-
-
- certification-tasks-view
- 30
- TaskType
-
-
-
-
-
- approval-tasks-view
- 30
- TaskType
-
-
-
-
-
- utility-tasks-view
- 30
- TaskType
-
-
-
-
-
- system-tasks-view
- 30
- TaskType
-
-
-
-
-
-
-
- c:TaskType
-
- 150
-
-
-
- -
- cleanupAfterCompletion
-
- -
- threadStopAction
-
- -
- binding
-
- -
- dependent
-
-
-
- 900
-
-
-
- -
- executionStatus
-
- -
- node
-
- -
- nodeAsObserved
-
- -
- resultStatus
-
- -
- result
-
- -
- nextRunStartTimestamp
-
- -
- nextRetryTimestamp
-
- -
- unpauseAction
-
- -
- taskIdentifier
-
- -
- parent
-
- -
- waitingReason
-
- -
- stateBeforeSuspend
-
- -
- category
-
- -
- handlerUri
-
- -
- otherHandlersUriStack
-
- -
- channel
-
- -
- subtaskRef
-
- -
- dependentTaskRef
-
- -
- lastRunStartTimestamp
-
- -
- lastRunFinishTimestamp
-
- -
- completionTimestamp
-
-
-
- 910
- hidden
-
-
-
- -
- progress
-
- -
- expectedTotal
-
- -
- stalledSince
-
-
-
-
-
-
-
-
-
- safe
-
- "Safe" expression profile. It is supposed to contain only operations that are "safe",
- i.e. operations that have very little risk to harm the system, circumvent midPoint security
- and so on. Use of those operations should be reasonably safe in all expressions.
- However, there are limitations. This profile may incomplete or it may even be not completely secure.
- Proper security testing of this profile was not yet conducted. It is provided here "AS IS",
- without any guarantees. Use at your own risk.
-
- deny
-
- asIs
- allow
-
-
- path
- allow
-
-
- value
- allow
-
-
- const
- allow
-
-
- script
- deny
-
-
-
-
- script-safe
- deny
-
- com.evolveum.midpoint.xml.ns._public.common.common_3
- MidPoint common schema - generated bean classes
- allow
-
-
- com.evolveum.prism.xml.ns._public.types_3
- Prism schema - bean classes
- allow
-
-
- java.lang.Integer
- allow
-
-
- java.lang.Object
- Basic Java operations.
- deny
-
- equals
- allow
-
- hashCode
- allow
-
-
-
- java.lang.String
- String operations are generally safe. But Groovy is adding execute() method which is very dangerous.
- allow
-
- execute
- deny
-
-
-
- java.lang.CharSequence
- allow
-
-
- java.lang.Enum
- allow
-
-
- java.util.List
- List operations are generally safe. But Groovy is adding execute() method which is very dangerous.
- allow
-
- execute
- deny
-
-
-
- java.util.ArrayList
- List operations are generally safe. But Groovy is adding execute() method which is very dangerous.
- allow
-
- execute
- deny
-
-
-
- java.util.Map
- allow
-
-
- java.util.HashMap
- allow
-
-
- java.util.Date
- allow
-
-
- javax.xml.namespace.QName
- allow
-
-
- javax.xml.datatype.XMLGregorianCalendar
- allow
-
-
- java.lang.System
- Just a few methods of System are safe enough.
- deny
-
- currentTimeMillis
- allow
-
-
-
- java.lang.IllegalStateException
- Basic Java exception. Also used in test.
- allow
-
-
- java.lang.IllegalArgumentException
- Basic Java exception.
- allow
-
-
- com.evolveum.midpoint.model.common.expression.functions.BasicExpressionFunctions
- MidPoint basic functions library
- allow
-
-
- com.evolveum.midpoint.model.common.expression.functions.LogExpressionFunctions
- MidPoint logging functions library
- allow
-
-
- com.evolveum.midpoint.report.impl.ReportFunctions
- MidPoint report functions library
- allow
-
-
- org.apache.commons.lang.StringUtils
- Apache Commons: Strings
- allow
-
-
-
-
-
-
-
-
+
+
+
+ SystemConfiguration
+
+
+
+
+
+
+ ERROR
+ ro.isdc.wro.extensions.processor.css.Less4jProcessor
+
+
+
+ OFF
+ org.hibernate.engine.jdbc.spi.SqlExceptionHelper
+
+
+
+ OFF
+ org.hibernate.engine.jdbc.batch.internal.BatchingBatch
+
+
+
+ WARN
+ org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl
+
+
+
+ OFF
+ org.hibernate.internal.ExceptionMapperStandardImpl
+
+
+
+ OFF
+ net.sf.jasperreports.engine.fill.JRFillDataset
+
+
+
+ WARN
+ org.apache.wicket.resource.PropertiesFactory
+
+
+
+ ERROR
+ org.springframework.context.support.ResourceBundleMessageSource
+
+
+
+ INFO
+ com.evolveum.midpoint.model.impl.lens.projector.Projector
+
+
+
+ INFO
+ com.evolveum.midpoint.model.impl.lens.Clockwork
+
+
+
+ %date [%X{subsystem}] [%thread] %level \(%logger\): %msg%n
+ ${midpoint.home}/log/midpoint.log
+ ${midpoint.home}/log/midpoint-%d{yyyy-MM-dd}.%i.log
+ 10
+ 100MB
+ true
+
+
+
+ %date %level: %msg%n
+ ${midpoint.home}/log/midpoint-profile.log
+ ${midpoint.home}/log/midpoint-profile-%d{yyyy-MM-dd}.%i.log
+ 10
+ 100MB
+ true
+
+ MIDPOINT_LOG
+ INFO
+
+ false
+ false
+
+
+
+
+ P3M
+
+
+ P1M
+
+
+
+
+
+ performance
+ Performance tracing
+ true
+ true
+ performance-trace %{timestamp} %{focusName} %{milliseconds}
+ true
+ true
+
+
+ functional
+ Functional tracing
+ true
+ functional-trace %{timestamp} %{focusName}
+ true
+ true
+ true
+
+ normal
+
+
+
+ functional-model-logging
+ Functional tracing (with model logging)
+ true
+ functional-trace %{timestamp} %{focusName}
+ true
+ true
+ true
+
+
+ com.evolveum.midpoint.model
+ TRACE
+
+
+
+ normal
+
+
+
+ functional-sql-logging
+ Functional tracing (with SQL logging)
+ true
+ functional-trace %{timestamp} %{focusName}
+ true
+ true
+ true
+
+
+ org.hibernate.SQL
+ TRACE
+
+
+
+ normal
+
+
+
+
+
+
+ /self/profile/user
+
+ View/edit your profile
+
+ fa fa-user
+
+ green
+ http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfProfile
+ http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll
+
+
+ /self/credentials
+
+ View/edit your credentials
+
+ fa fa-shield
+
+ blue
+ http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfCredentials
+ http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#selfAll
+
+
+ /admin/users
+
+
+ fa fa-users
+
+ red
+ http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#users
+
+
+ /admin/resources
+
+
+ fa fa-database
+
+ purple
+ http://midpoint.evolveum.com/xml/ns/public/security/authorization-ui-3#resources
+
+
+
+ my-cases
+
+
+
+ My cases
+ My case
+
+ fe fe-case-object
+
+
+ 1000
+ CaseType
+
+
+
+
+
+
+ manual-case-view
+
+
+
+ All manual cases
+ Manual case
+ Manual provisioning cases
+
+ 1010
+ CaseType
+
+
+
+
+
+
+ operation-request-case-view
+
+
+
+ All requests
+ Request
+ Operation requests
+
+ 1020
+ CaseType
+
+
+
+
+
+
+ approval-case-view
+
+
+
+ All approvals
+ Approval
+ Approval cases
+
+ 1030
+ CaseType
+
+
+
+
+
+
+ reconciliation-tasks-view
+ 30
+ TaskType
+
+
+
+
+
+ recomputation-tasks-view
+ 30
+ TaskType
+
+
+
+
+
+ import-tasks-view
+ 30
+ TaskType
+
+
+
+
+
+ live-sync-tasks-view
+ 30
+ TaskType
+
+
+
+
+
+ async-update-tasks-view
+ 30
+ TaskType
+
+
+
+
+
+ cleanup-tasks-view
+ 30
+ TaskType
+
+
+
+
+
+ report-tasks-view
+ 30
+ TaskType
+
+
+
+
+
+ single-bulk-action-tasks-view
+ 30
+ TaskType
+
+
+
+
+
+ iterative-bulk-action-tasks-view
+ 30
+ TaskType
+
+
+
+
+
+ certification-tasks-view
+ 30
+ TaskType
+
+
+
+
+
+ approval-tasks-view
+ 30
+ TaskType
+
+
+
+
+
+ utility-tasks-view
+ 30
+ TaskType
+
+
+
+
+
+ system-tasks-view
+ 30
+ TaskType
+
+
+
+
+
+
+
+ c:TaskType
+
+ 150
+
+
+
+ -
+ cleanupAfterCompletion
+
+ -
+ threadStopAction
+
+ -
+ binding
+
+ -
+ dependent
+
+
+
+ 900
+
+
+
+ -
+ executionStatus
+
+ -
+ node
+
+ -
+ nodeAsObserved
+
+ -
+ resultStatus
+
+ -
+ result
+
+ -
+ nextRunStartTimestamp
+
+ -
+ nextRetryTimestamp
+
+ -
+ unpauseAction
+
+ -
+ taskIdentifier
+
+ -
+ parent
+
+ -
+ waitingReason
+
+ -
+ stateBeforeSuspend
+
+ -
+ category
+
+ -
+ handlerUri
+
+ -
+ otherHandlersUriStack
+
+ -
+ channel
+
+ -
+ subtaskRef
+
+ -
+ dependentTaskRef
+
+ -
+ lastRunStartTimestamp
+
+ -
+ lastRunFinishTimestamp
+
+ -
+ completionTimestamp
+
+
+
+ 910
+ hidden
+
+
+
+ -
+ progress
+
+ -
+ expectedTotal
+
+ -
+ stalledSince
+
+
+
+
+
+
+
+
+
+ safe
+
+ "Safe" expression profile. It is supposed to contain only operations that are "safe",
+ i.e. operations that have very little risk to harm the system, circumvent midPoint security
+ and so on. Use of those operations should be reasonably safe in all expressions.
+ However, there are limitations. This profile may incomplete or it may even be not completely secure.
+ Proper security testing of this profile was not yet conducted. It is provided here "AS IS",
+ without any guarantees. Use at your own risk.
+
+ deny
+
+ asIs
+ allow
+
+
+ path
+ allow
+
+
+ value
+ allow
+
+
+ const
+ allow
+
+
+ script
+ deny
+
+
+
+
+ script-safe
+ deny
+
+ com.evolveum.midpoint.xml.ns._public.common.common_3
+ MidPoint common schema - generated bean classes
+ allow
+
+
+ com.evolveum.prism.xml.ns._public.types_3
+ Prism schema - bean classes
+ allow
+
+
+ java.lang.Integer
+ allow
+
+
+ java.lang.Object
+ Basic Java operations.
+ deny
+
+ equals
+ allow
+
+ hashCode
+ allow
+
+
+
+ java.lang.String
+ String operations are generally safe. But Groovy is adding execute() method which is very dangerous.
+ allow
+
+ execute
+ deny
+
+
+
+ java.lang.CharSequence
+ allow
+
+
+ java.lang.Enum
+ allow
+
+
+ java.util.List
+ List operations are generally safe. But Groovy is adding execute() method which is very dangerous.
+ allow
+
+ execute
+ deny
+
+
+
+ java.util.ArrayList
+ List operations are generally safe. But Groovy is adding execute() method which is very dangerous.
+ allow
+
+ execute
+ deny
+
+
+
+ java.util.Map
+ allow
+
+
+ java.util.HashMap
+ allow
+
+
+ java.util.Date
+ allow
+
+
+ javax.xml.namespace.QName
+ allow
+
+
+ javax.xml.datatype.XMLGregorianCalendar
+ allow
+
+
+ java.lang.System
+ Just a few methods of System are safe enough.
+ deny
+
+ currentTimeMillis
+ allow
+
+
+
+ java.lang.IllegalStateException
+ Basic Java exception. Also used in test.
+ allow
+
+
+ java.lang.IllegalArgumentException
+ Basic Java exception.
+ allow
+
+
+ com.evolveum.midpoint.model.common.expression.functions.BasicExpressionFunctions
+ MidPoint basic functions library
+ allow
+
+
+ com.evolveum.midpoint.model.common.expression.functions.LogExpressionFunctions
+ MidPoint logging functions library
+ allow
+
+
+ com.evolveum.midpoint.report.impl.ReportFunctions
+ MidPoint report functions library
+ allow
+
+
+ org.apache.commons.lang.StringUtils
+ Apache Commons: Strings
+ allow
+
+
+
+
+
+
+
+
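Review bot: The hunk removes and re-adds every line of the file, yet the only textual difference I can find between the two sides is the first dashboard link target, which changes from `/self/profile` to `/self/profile/user`; the rest looks like a line-ending or whitespace rewrite. This file also carries the logger levels and the `safe` expression profile with its per-class and per-method allow/deny decisions, so a whole-file rewrite makes it hard to confirm that none of those entries changed. I would normalise line endings in a separate commit (or pin them, for example through `.gitattributes`) and keep this commit to the one changed line. The authorization URIs listed next to the new target are still `#selfProfile` and `#selfAll`; please confirm the page served at `/self/profile/user` is mapped to those actions, otherwise the link may be shown to users who cannot open it.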