[midPoint] Howto unassign a role

Ivan Noris ivan.noris at evolveum.com
Mon Jan 20 14:29:15 CET 2020 

Hi Rainer,

just a stupid question: the role was assigned manually or by object
template?

Isn't there perhaps still a mapping that assigns it back?

I think you can test it from Role - Members and try to unassign the role
from your member there. If the behaviour is the same, maybe midpoint
just keeps assigning the role...

Best regards,

Ivan

On 17. 1. 2020 13:12, Rainer Herbst wrote:
> Dear all,
>
> again, I am bouncing with my head against a wall and fill so thumb... ;-)
>
> Simple use case - unassociate all Users with the role staff
> (Mitarbeiter) from that role.
>
> In the users, the role is assigned:
>   <assignment id="32">
>   <metadata>...</metadata>
>   <targetRef oid="9f154c7e-ac7d-4d26-b715-58840e807fea"
> relation="org:default" type="c:RoleType">
>   <!-- Mitarbeiter -->
>   </targetRef>
>   <activation>
>   <administrativeStatus>disabled</administrativeStatus>
>   <effectiveStatus>disabled</effectiveStatus>
>   </activation>
>   </assignment>
>
> I wrote a task that should delete this association. Actually, I took a
> lot from the examle
> https://github.com/Evolveum/midpoint-samples/blob/a5152f69de6e33949eaceb3889abc9edc0f506ea/samples/tasks/bulk-actions/modify-selected-users-unassign-role.xml:
>
>
> <objects
> xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>   xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>   xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>   xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>   xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
>>
>
>   <task>
>   <name>Unassign "Mitarbeiter" role from all users</name>
>      <extension>
>   <scext:executeScript
> xmlns:scext="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3">
>   <s:search
> xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3">
>   <s:type>c:UserType</s:type>
>   <s:searchFilter>
>   <q:ref>
>   <q:path>assignment/targetRef</q:path>
>   <q:value oid="9f154c7e-ac7d-4d26-b715-58840e807fea"/>
>   </q:ref>
>   </s:searchFilter>
>   <s:action>
>   <s:type>modify</s:type>
>   <s:parameter>
>   <s:name>delta</s:name>
>   <c:value xsi:type="t:ObjectDeltaType">
>   <t:changeType>modify</t:changeType>  <!-- this is the default, can
> be omitted -->
>   <!-- objectType and oid are taken from the object being modified -->
>   <t:itemDelta>
>   <t:modificationType>delete</t:modificationType>
>   <t:path>c:assignment</t:path>
>   <t:value>
>   <c:targetRef oid="9f154c7e-ac7d-4d26-b715-58840e807fea"
> relation="org:default" type="c:RoleType"/>
>   </t:value>
>   </t:itemDelta>
>   </c:value>
>   </s:parameter>
>   </s:action>
>   </s:search>
>   </scext:executeScript>
>      </extension>
>   <ownerRef oid="00000000-0000-0000-0000-000000000002"/>
>   <executionStatus>runnable</executionStatus>
>   <category>BulkActions</category>
>  
> <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/scripting/handler-3</handlerUri>
>   <recurrence>recurring</recurrence>
>   </task>
> </objects>
>
>
> In the logs, i see three entries being modified:
> 2020-01-17 13:00:57,055 [] [midPointScheduler_Worker-4] INFO
> (com.evolveum.midpoint.model.impl.scripting.ExecutionContext): Script
> console message: Modified
> user:321afa6d-c3fe-49a5-836c-bb443ff45434(xxxxx)
> 2020-01-17 13:00:57,163 [] [midPointScheduler_Worker-4] INFO
> (com.evolveum.midpoint.model.impl.scripting.ExecutionContext): Script
> console message: Modified
> user:59af0f09-5897-4f45-8e41-4e1e0dce37a8(yyyyyy)
> 2020-01-17 13:00:57,278 [] [midPointScheduler_Worker-4] INFO
> (com.evolveum.midpoint.model.impl.scripting.ExecutionContext): Script
> console message: Modified
> user:b5a0b375-4bc5-4787-8e70-b576ec556022(zzzzzz)
>
> But when I check the entries, the Assignment is still in place.
>
> So what do I miss? Many thanks in advance!
>
>
> Rainer Herbst
> Leiter IT-Service
> Phone: +49 331 7499-257
> e-mail: rainer.herbst at aip.de
> https://www.aip.de
>
> -----------------------------------------------------------------------------------------------
>
> Leibniz-Institut für Astrophysik Potsdam (AIP)
> An der Sternwarte 16, 14482 Potsdam
>
> Vorstand: Prof. Dr. Matthias Steinmetz, Matthias Winker
> Stiftung bürgerlichen Rechts
> Stiftungsverzeichnis Brandenburg: 26 742-00/7026
> -----------------------------------------------------------------------------------------------
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200120/a49f829b/attachment.htm>

More information about the midPoint mailing list