[midPoint] Assigning roles based on attribute values

Ivan Noris ivan.noris at evolveum.com
Thu Mar 20 18:46:57 CET 2014


Hi Paul,

On 03/20/2014 09:33 AM, Paul Heaney wrote:
> Hi Ivan,
>
> Apologies, I've it working correctly with object templates on user
> creation though I'm attempting to update the roles assignment on
> subsequent synchronisations based on attributes from the source system
> e.g.
>
> * On initial sync user is granted the student role within the object
> template (this is working successfully)
> * On a subsequent sync the user is flagged as an official in the
> students union so needs assigning the student union role as well
> * On a subsequent sync the student union flag is removed and the
> student union role needs removing
>
> From the documentation it would appear that I should be able to assign
> these roles though I'm struggling to get this working on subsequent
> syncs as object templates are not used at this phase
>

Do you have the object template (which you declare is working in the
initial sync step) set as the default user template in System Configuration,
or is it set in the resource when creating users from accounts (in the
addUser action)?

The code snippet I've posted previously was from the default user
template, which is processed each time the User object is modified (as well
as created)...

Regards,
Ivan



-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer
  evolveum.com
  ___________________________________________________
  "Semper cautus - semper paratus - semper idem Vix."



