[midPoint] Assigning roles based on attribute values
Paul Heaney
lists at pheaney.co.uk
Thu Mar 20 09:33:08 CET 2014
Hi Ivan,
Appologies I've it working correctly with object templates on user
creation though I'm attempting to update the roles assignment on
subsequent synchronisations based on attributes from the source system e.g.
* On initial sync user is granted the student role within the object
template (this working successfully)
* On a subsequent sync the user is flagged as a official in the students
union so needs assigning the student union role as well
* On a subsequent sync the student union flag is remeoved and the
student union role needs removing
From the documentation it would appear that I should be able to assign
these roles though I'm struggling to get this working on subsequent
syncs as object templates are not used at this phase
Thanks
Paul
On 19/03/14 19:49, Ivan Noris wrote:
> Hi Paul,
>
> I'm not sure what have you already done in the object template, but
> maybe this snippet may be usable for you, or for someone on this list:
>
> The mapping is in default user template and is assigning the "Employee"
> role based on the conditions. If the condition is false, the role is
> unassigned (i.e. when the employee leaves the company).
>
> <mapping>
> <name>EXAMPLE User Template: EXAMPLE Employee Role</name>
> <source>
> <path>employeeType</path>
> </source>
> <source>
> <name>employeeActive</name>
> <path>$user/extension/example:employeeActive</path>
> </source>
> <expression>
> <value>
> <assignment>
> <targetRef oid="ef2bc95b-76e0-48e2-86d6-c000ff000001"
> type="c:RoleType"/>
> </assignment>
> </value>
> </expression>
> <target>
> <path>assignment</path>
> </target>
> <condition>
> <script>
>
> <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
> <code>
> basic.stringify(employeeType) == 'EMP' && employeeActive == true
> </code>
> </script>
> </condition>
> </mapping>
>
> Hope this helps.
>
> Regards,
> IVan
>
>
>
> On 03/19/2014 05:51 PM, Paul Heaney wrote:
>> Hi,
>>
>> Up until now I've been assigning roles to users at creation time using
>> an object template which has been working well now I need to update
>> roles on users based on properties of the user (e.g. changing from
>> student to Alumni). From reading the wiki it should be possible to do
>> this using a mapping though I don't seem to be able configure a roles
>> assignment from a mapping, I've checked the examples and schema
>> definitions and don't appear to find the correct syntax.
>>
>> If anyone could point me in the right direction I'd be most great full.
>>
>> Thanks
>> Paul
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
More information about the midPoint
mailing list