[midPoint] Role/Service autoassignment

Arnošt Starosta - AMI Praha a.s. arnost.starosta at ami.cz
Mon Sep 16 10:13:18 CEST 2019 

Hi Chris,

you can intercept the extension/rsBadgeAssignee change in a hook and based
on it's old and new values find the two employees and explicitly recompute
just them. With your assignment in user template this will do the job. I
would try a final hook for the service type.

And as the recompute may fail, you want to make sure to recompute the
failed users in the future - either recompute all of them once in a while
or run a specialized task to find badges assigned to wrong employees etc.

I don't believe there is other way to do this right now, but please anybody
proove me wrong.

The autoassignment wont help you, the users must still be recomputed and it
comes with a performace price on top. But when i need to access the
attributes of both roles and focus objects in assignments, i use the
assignmentPath and related variables, see midpoint wiki.

arnost

so 14. 9. 2019 v 11:02 odesílatel Chris Woods <Chris.Woods at rohde-schwarz.com>
napsal:

> Hi everyone,
>
> I’m probably thinking about this completely the wrong way, but here goes
> anyway:
>
> I have a company ID card system that we originally had setup so that when
> reconciling, the badge would appear as  a projection for the user (when the
> employeeID for the badge matched the $focus/name of the user). However, we
> now have a requirement to store more data about the badge than the id card
> system provides, so I modified the synchronisation setup to create a
> FocusType of Service. This service is assigned an archetype “Company ID
> card”.
>
> All is working well – A service for each card in the card database was
> created with the appropriate archetype.
>
> However, I can’t seem to find a way to automatically assign the service to
> the user based on the employeeID which is now stored in the service as
> extension/rsBadgeAssignee.
>
> I tried to do the assignment in the User object template, which worked –
> as long as I actually opened the user and recomputed them. Day cards are
> transferred from person to person, so I don’t want to have to update 14,000
> Users, just because one card has transferred ownership. If I just modified
> the rsBadgeAssignee in the card service object, nothing happened to either
> the previous owner (removal) or the new owner (assignment).
>
> I then tried autoassign in the archetype. All the examples for
> autoassignment use some kind of constant like ‘internal’ or ‘FTE’ to be
> present in the focal object (user). What I couldn’t work out how to do was
> something like this:
>
> <autoassign>
>
>         <enabled>true</enabled>
>
>         <focus>
>
>             <mapping>
>
>                <name>Badge autoassign</name>
>
>                <strength>strong</strength>
>
>                <source>
>
>                     <path>$focus/name</path> <-- the employeeID of the
> user -->
>
>                 </source>
>
>                 <source>
>
>                    <path>$this/extension/rsBadgeAssignee</path>    <--
> trying to reference rsBadgeAssignee in service itself –->
>
>                 </source>
>
>                 <condition>
>
>                     <script>
>
>                         <code>
> basic.stringify(name).equals(rsBadgeAssignee)</code>
>
>                     </script>
>
>                 </condition>
>
>             </mapping>
>
>         </focus>
>
>     </autoassign>
>
> This throws an error, because there is no rsBadgeAsignee attribute in the
> focus (User), but how do I reference “this” (i.e. the service itself) in
> the condition?
>
> I hope all this was not too confusing and appreciate any help!
>
>
>
> Regards,
>
> Chris
>
>
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>


-- 

*Arnošt Starosta*
solution architect

gsm: [+420] 603 794 932
e‑mail: arnost.starosta at ami.cz

*AMI Praha a.s.*
Pláničkova 11, 162 00 Praha 6

tel.: [+420] 274 783 239 | web: www.ami.cz

[image: AMI Praha a.s.]

Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá
za společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
písemnou formu.

Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může obsahovat
důvěrné nebo osobní
informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv
zveřejňování, zprostředkování
nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail neoprávněně,
informujte o tom prosím
odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu včetně
všech jeho příloh. Nakládáním
s neoprávněně získanými informacemi se vystavujete riziku právního postihu.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190916/18577eef/attachment.htm>

More information about the midPoint mailing list