[midPoint] How to not create an assignment that already exists but is indirect / induced ?

Fabian Noll-Dukiewicz fabian.noll-dukiewicz at veryfy.gmbh
Fri Jan 12 09:44:22 CET 2024 

Hi,

I don’t know how to check for indirect assignments, but as workaround you can check which assignments the user already has. I use the function “focus.getRoleMembershipRef()” in objectTemplate to check if the user has a specific assignment. I think it is also possible to use this function in mapping condition in your resource configuration.

Please let me know if you need some further information.

Kind regards,
Fabian

--
Fabian Noll-Dukiewicz
Spezialist Identity & Access Management | Geschäftsführer
Tel.: +49 152 244 63 211
Email: fabian.noll-dukiewicz at veryfy.gmbh
Web: https://veryfy.gmbh


Von: midPoint <midpoint-bounces at lists.evolveum.com> im Auftrag von Alcides Moraes via midPoint <midpoint at lists.evolveum.com>
Datum: Mittwoch, 10. Januar 2024 um 23:56
An: midPoint General Discussion <midpoint at lists.evolveum.com>
Cc: Alcides Moraes <alcides.neto at gmail.com>
Betreff: [midPoint] How to not create an assignment that already exists but is indirect / induced ?
Hello list,

TL;DR - Is there a way to check for indirect assignments in groovy script expressions?

Now for the full use case:

We have a resource with a custom in-house connector that is working well for direct assignments.
There are inbound / outbound mappings to create the assignments given in midpoint and in the resource directly, both ways.

However, if I give an indirect assignment to an object from midpoint, midpoint also processes the inbound mapping afterwards and then also creates the direct assignment in midpoint as well.
How should I filter this? I thought about creating a set condition in the mapping, that would check for indirect assignment, but I don’t think there’s a function for this? Midpoint script library has a isDirectlyAssigned function only.

I should note that I’m not using an association mapping, because I need to populate the assignment with additional fields (like orgRef for example), and I don’t think I’m able to do this with the association/assignmentTargetSearch approach, so I’m using standard attribute/inbound mapping and create the assignment there.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20240112/2c7d4e07/attachment-0001.htm>

More information about the midPoint mailing list