[midPoint] ScriptedSQL connector: multiple group types

Wojciech Staszewski wojciech.staszewski at diagnostyka.pl
Tue Dec 20 21:04:16 CET 2016


OK, thanks for the advice.
This must be something like LDAP group membership when each group is time restricted.
If it can be done by activation - that's awesome.

On Tuesday, 20 December 2016 17:18:15 CET, Pavol Mederly wrote:
> Wojciech,
> 
> as discussed today on this list: in midPoint this is represented by the 
> activation item (specifically, its validFrom/validTo properties) 
> residing in the user's assignment (pointing to given role).
> 
> Pavol Mederly
> Software developer
> evolveum.com
> 
> On 20.12.2016 16:44, Wojciech Staszewski wrote:
> > Hello again!
> >
> > Is it possible, and how, to configure group membership (association), each with different time constraints?
> > A user may have multiple "workplaces" assigned, and each workplace must have its own time constraint. Example:
> > user "jdoe" has:
> > - workplace "Serology lab 1" from 2015.04.01 to 2016.12.31
> > - workplace "Microbiology lab 2" from 2015.05.05 to 2017.05.05
> > - and workplace "Analytics lab 1" from 2012.01.01 to 2020.12.31
> >
> > Is that possible to do?
> > Best regards,
> > WS
> >
> > On 19.12.2016 at 21:53, Wojciech Staszewski wrote:
> >> Thanks!
> >>
> >> So then, it shouldn't be so hard.
> >> Best regards!
> >>
> >> On Monday, 19 December 2016 20:38:42 CET, Pavol Mederly wrote:
> >>> Wojciech,
> >>>
> >>> I think your original idea is OK. You can create multiple types - i.e.
> >>> object classes - in SchemaScript for your groups. Like Group1, Group2,
> >>> ..., BlueGroup, RedGroup, GreenGroup, ..., DatabaseRole,
> >>> ApplicationModule, Workplace. Anything you want. As soon as you
> >>> consistently refer to them in all your scripts.
> >>>
> >>> And yes, you then map these object classes to midPoint terms:
> >>> kind/intent; kind being entitlement in this case, and intents as you
> >>> like. For example, databaseRole, applicationModule, or workplace.
> >>>
> >>> Pavol Mederly
> >>> Software developer
> >>> evolveum.com
> >>>
> >>> On 19.12.2016 20:25, Wojciech Staszewski wrote:
> >>>> Hello!
> >>>>
> >>>> Jokes are over. My first scriptedSQL connector works like a charm (Zabbix account with group membership), so it is time for something more sophisticated.
> >>>> I've got a system where a user's access rights are set by 3 different memberships.
> >>>> The first membership type is database roles.
> >>>> The second is application modules available to the user.
> >>>> The third type is "workplaces" (with time constraints).
> >>>> These 3 memberships are independent; each user can have, for example, 3 roles, 12 enabled modules and 5 workplaces.
> >>>>
> >>>> I thought that I could do multiple group types in SchemaScript and distinguish them by "intent".
> >>>> But I can't do this. I can declare only 1 CustomGroupObjectClass...
> >>>> Any advice? Thanks and regards,
> >>>> WS :)
> >>>>
> >>>> _______________________________________________
> >>>> midPoint mailing list
> >>>> midPoint at lists.evolveum.com
> >>>> http://lists.evolveum.com/mailman/listinfo/midpoint


-- 
Wojciech Staszewski
Network Systems Administrator
IT Department
DIAGNOSTYKA 
Spółka z ograniczoną odpowiedzialnością 
ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
tel.: +48 12 295 01 00
fax: +48 12 295 01 02 
mobile: 663 680 236
www.diag.pl
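
The time-limited assignments discussed in this thread, as an added example that is not part of the original messages: the three workplaces of "jdoe" expressed as user assignments, each with its own activation validFrom/validTo. It assumes each workplace is modelled as a midPoint role; the OIDs are placeholders and the times of day are assumptions, only the dates come from the thread.

```xml
<!-- Added illustration, not configuration from the thread.
     OIDs are placeholders; times of day are assumed (no time zone given). -->
<user xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
    <name>jdoe</name>

    <!-- Workplace "Serology lab 1": 2015.04.01 to 2016.12.31 -->
    <assignment>
        <targetRef oid="PLACEHOLDER-OID-SEROLOGY-LAB-1" type="c:RoleType"/>
        <activation>
            <validFrom>2015-04-01T00:00:00</validFrom>
            <validTo>2016-12-31T23:59:59</validTo>
        </activation>
    </assignment>

    <!-- Workplace "Microbiology lab 2": 2015.05.05 to 2017.05.05 -->
    <assignment>
        <targetRef oid="PLACEHOLDER-OID-MICROBIOLOGY-LAB-2" type="c:RoleType"/>
        <activation>
            <validFrom>2015-05-05T00:00:00</validFrom>
            <validTo>2017-05-05T23:59:59</validTo>
        </activation>
    </assignment>

    <!-- Workplace "Analytics lab 1": 2012.01.01 to 2020.12.31 -->
    <assignment>
        <targetRef oid="PLACEHOLDER-OID-ANALYTICS-LAB-1" type="c:RoleType"/>
        <activation>
            <validFrom>2012-01-01T00:00:00</validFrom>
            <validTo>2020-12-31T23:59:59</validTo>
        </activation>
    </assignment>
</user>
```

Each assignment carries its own validity window, so access tied to one workplace lapses on its validTo date without touching the other two.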