[midPoint] Assigning roles based on attribute values

Ivan Noris ivan.noris at evolveum.com
Fri Mar 21 21:46:41 CET 2014


Hi Paul,


>> The code snippet I've posted previously was from the default user
>> template, which is processed each time User object is modified (as well
>> as created)...
>>
>> Regards,
>> Ivan
> Perfect, didn't realise you could assign a template to the system
> configuration. I'm now able to assign roles on changes; is it possible
> to remove roles as well?
>

Yes, the example I've sent is working both ways... the role specified in
mapping is assigned when the condition is true and unassigned otherwise.

You may also need to configure "disable instead of unassign" to avoid
immediately deleting the accounts after the role is unassigned, and/or
to schedule automatic deletion of accounts for a later time. Both
scenarios are working at least since midPoint 2.2.1.

Please refer to
https://wiki.evolveum.com/display/midPoint/Resource+Schema+Handling%3A+Activation
wiki page for examples. I can also provide some others if needed.

Regards,
Ivan

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer
  evolveum.com
  ___________________________________________________
  "Semper cautus - semper paratus - semper idem Vix."



