[midPoint] Assigning roles based on attribute values

Paul Heaney lists at pheaney.co.uk
Thu Mar 20 09:33:08 CET 2014


Hi Ivan,

Apologies, I've got it working correctly with object templates on user 
creation, though I'm attempting to update the role assignments on 
subsequent synchronisations based on attributes from the source system, e.g.

* On initial sync the user is granted the student role within the object 
template (this is working successfully)
* On a subsequent sync the user is flagged as an official in the students' 
union, so needs assigning the student union role as well
* On a subsequent sync the student union flag is removed and the 
student union role needs removing

From the documentation it would appear that I should be able to assign 
these roles, though I'm struggling to get this working on subsequent 
syncs as object templates are not used at this phase

Thanks
Paul

On 19/03/14 19:49, Ivan Noris wrote:
> Hi Paul,
>
> I'm not sure what you have already done in the object template, but
> maybe this snippet may be usable for you, or for someone on this list:
>
> The mapping is in default user template and is assigning the "Employee"
> role based on the conditions. If the condition is false, the role is
> unassigned (i.e. when the employee leaves the company).
>
>     <mapping>
>         <name>EXAMPLE User Template: EXAMPLE Employee Role</name>
>         <!-- Sources: the standard employeeType property and an extension flag -->
>         <source>
>             <path>employeeType</path>
>         </source>
>         <source>
>             <name>employeeActive</name>
>             <path>$user/extension/example:employeeActive</path>
>         </source>
>         <!-- Value produced while the condition holds: an assignment of the role -->
>         <expression>
>             <value>
>                 <assignment>
>                     <targetRef oid="ef2bc95b-76e0-48e2-86d6-c000ff000001" type="c:RoleType"/>
>                 </assignment>
>             </value>
>         </expression>
>         <target>
>             <path>assignment</path>
>         </target>
>         <!-- The && operator is escaped so that the snippet is well-formed XML -->
>         <condition>
>             <script>
>                 <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
>                 <code>
>                     basic.stringify(employeeType) == 'EMP' &amp;&amp; employeeActive == true
>                 </code>
>             </script>
>         </condition>
>     </mapping>
>
> Hope this helps.
>
> Regards,
> Ivan
>
>
>
> On 03/19/2014 05:51 PM, Paul Heaney wrote:
>> Hi,
>>
>> Up until now I've been assigning roles to users at creation time using
>> an object template, which has been working well. Now I need to update
>> roles on users based on properties of the user (e.g. changing from
>> student to Alumni). From reading the wiki it should be possible to do
>> this using a mapping, though I don't seem to be able to configure a role
>> assignment from a mapping. I've checked the examples and schema
>> definitions and can't find the correct syntax.
>>
>> If anyone could point me in the right direction I'd be most grateful.
>>
>> Thanks
>> Paul
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint



