[midPoint] About metaroles

[Wojciech Staszewski]

Hello,

I'm trying to configure a role that assign an account on some resource to an user and a metarole with some attributes of this account.

1. I create a role, add resource system as an /inducement/, leave all attributes blank.
2. I create a metarole, add the same resource as an /inducement/, fill required attributes.
3. Next i open the role and add the metarole as an /assignment /(as described in documentation).
4. When I click Save Midpoint tries to create an account on target system to the metarole (???). Got error - Midpoint can't find metarole's password. I ignore it.
5. I assign the role to the user, account on target system is created but without attributes from metarole /assigned/ to main role.

I don't get it. I'm reading documentation, analyzing diagrams and everything seems to be OK. But is not.
What am I doing wrong? Thanks for any help.

Next question:

- I'm thinking about how MidPoint treats user request for metaroles?
The user is requesting for a metarole because he needs extra privileges on some resource,
the boss approves that and what then? The metarole is assigned to user or to the role which induced specified resource?
I know that metarole is also a role, but if it's a "meta" shouldn't it be rather assigned to another role, not directly to an user?

Regards,
WS
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170108/843294da/attachment.htm>