[midPoint] Role template "role-sailor"

Ivan Noris ivan.noris at evolveum.com
Thu Jul 18 14:38:39 CEST 2013 

Hi Salim,

see my answers inline:

On 07/18/2013 01:38 PM, Salim Boulkour wrote:
>
> Hey everyone,
>
> I began playing with roles in midpoint and am trying to understand the 
> contents of 
> https://svn.evolveum.com/midpoint/tags/midpoint-2.1.2/samples/roles/role-sailor.xml.
>
> Role description says :
>
> A basic role, that specifies *_account on OpenDJ resource_*
>
> and also sets "employeeType" attribute to a fixed value and it sets 
> "destinationIndicator"
>
> as a copy of a user property.
>
> What interests me here, is the ability to do modifications to the 
> account. So my questions are :
>
> -Does the account has to be created before assigning that role to a 
> user ? Or account would be created as soon as role is given to the user ?
>

The account will be created as soon you assign this role to user.
The attributes will be set as specified by mappings in the role 
(employeeNumber, destinationIndicator).

> -I understand the OID in ‘resourceRef’ being the way to specify the 
> targeted resource. Is this the only way to specify it ? (As the doc on 
> the data model stated I wouldn’t have to play with OIDs much ;) )
>

Yes this is the only reference type - by oid. In the next releases, more 
parts of administrative GUI will be enhanced by wizards so that you can 
select the resource instead of typing its oid. But so far you have to 
create the role(s) and refer to resource oid to make a reference. IF you 
need to prepare a set of configuration (XML) files, e.g. resources and 
roles, and wish to import them and make some tests, you may use your own 
oids, just be sure to make them unique.

> -If I specify in the role a resource attribute that is already handled 
> by the resource/connector conf’, what would happen ? Has the value 
> given by the role assignment a higher priority than the default one ?
>

Very good question. Please see 
https://wiki.evolveum.com/display/midPoint/Mapping especially "Mapping 
Order":
"When defining multiple mappings for single-valued attribute, every next 
applied mapping in order rewrites the value of attribute. Be sure to 
check, if this is what you want. In case of multiple-value attributes, 
mappings simply add next values to the attribute values list. "

So it depends mainly on the single/multi value attribute. For 
multi-value it would do what you perhaps expect - merge.

Regards,
Ivan

-- 
   Ing. Ivan Noris
   Consultant
   Evolveum, s.r.o
   ___________________________________________________
   "Semper cautus - semper paratus - semper idem Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20130718/c9dbcb70/attachment.htm>

More information about the midPoint mailing list