[midPoint] Configuration of Entitlements

Stumpf Alexander Alexander.Stumpf at zeta.com
Tue Jun 6 09:46:21 CEST 2017


Hello midpoint team,

I started to create a Rest-based connector for Microsoft Dynamics NAV 2015. My first approach is to connect two Object classes of NAV: "Account" and "User".
I managed to create a connector with all CRUD operations and used test classes to verify them successfully.

But now I have a basic problem understanding how to configure "Account and entitlements" in midPoint and would like to know what a good practice could be.

The tables in NAV are as follows:

1. Account-table: A simple Account table with Identifier for user

2. User-table: Connects the account Table 1 to a specific company and to specific Rights. It is like an Access Control List. Here is an example setup with columns:

   a. User_ID: String - The ID from "Account-Table"
   b. CompanyName: String - a foreign key
   c. RightNo1: Boolean
   d. RightNo2: Boolean

The cardinality is Account:User_ID (1 : N) User-table:User_ID, where User_ID and CompanyName are a constraint key.

Setting up the resource in Midpoint for the table "Account" was no problem. The midpoint user is connected to the NAV account. CRUD Operations work.
But what is a good setup for the "User-Table"?
The behaviour I want:

- When assigning a (company specific) role to a user, an entry in "User-Table" is created (I think it is inducement - with generic construction)
- When assigning another role, a "Right":Boolean is set.
- When the (company specific) role is removed, the entry in the "User-Table" should be deleted

I already tried a dozen setups (as entitlement, as Account, as entitlement linked to user..., I do not want to write them all down, assuming nobody will want to read the whole story) but I did not get by.

One more Info: I have NOT set up an entitlement association yet, because I have not programmed a multiValue field that could be used as an "association field" yet. Should I, or can I use the "User_ID" field of User-table?

If you could give me any advice, I would be very happy.
Thank you in advance

Alex


B.Sc. Alexander Stumpf
System Development

ZETA Automation GmbH
Münchner Str. 8, D-85354 Freising
P +49 (8161) 99 21-649
F +49 (8161) 99 21-644
alexander.stumpf at zeta.com
http://www.zeta-automation.de

HRB 115294, Amtsgericht München; UST-Id. Nr. DE 189564479,
Geschäftsführung: Mag. René Haas, Dipl.-Ing. Dr. Andreas Marchler

