[midPoint] Editing Role Resource Inducement

Ivan Noris ivan.noris at evolveum.com
Tue Nov 25 15:19:13 CET 2014 

Hi,


> Hi
>
> - How can we recompute the account?
> - Yes, after changing the role newly members get correct groups.
>

For one single user, it should be sufficient to:
- go to Users
- find your user
- click the "wheel" icon in the user line and select "Reconcile"

The same should be possible for multiple selected users, using the
"wheel" icon in the user list header (the same option "Reconcile").

Be adwised, all roles assigned to selected user(s) will be recomputed.

Regards,
Ivan

> Regards
> Dharmendra
>
>
>
> On Tue, Nov 25, 2014 at 7:01 PM, Pavol Mederly
> <pavol.mederly at gmail.com <mailto:pavol.mederly at gmail.com>> wrote:
>
>     Dharmendra,
>
>     after changing the role, user accounts have to be recomputed for
>     the change to be applied onto the resource.
>
>     A quick check: if you create a new user and assign him this
>     modified role, is the group membership OK for the newly created
>     account?
>
>     Best regards,
>     Pavol
>
>     On 25. 11. 2014 12:14, dharmendra parakh wrote:
>>     Hi
>>
>>     Thanks for the information, I didn't get chance to go through
>>     these documents but i will look into this for sure. 
>>     What i understand is i can not modify the groups assigned as role
>>     inducement from GUI.
>>
>>     I tried changing the groups from xml but then this change is not
>>     enforced to member users account. I need it for my project for
>>     which i am evaluating midpoint, how can i do that?
>>
>>
>>     Thanks
>>     Dharmendra
>>
>>
>>     On Sun, Nov 23, 2014 at 2:32 AM, Pavol Mederly
>>     <pavol.mederly at gmail.com <mailto:pavol.mederly at gmail.com>> wrote:
>>
>>         Dharmendra,
>>
>>         thank you for the explanation.
>>
>>         Currently, GUI allows only to change "regular" attributes of
>>         induced accounts (directly when creating the inducement, or
>>         later when editing it by clicking on "Show empty" button and
>>         changing what you need*).
>>
>>         If you want to work with associations, you have to write it
>>         in XML, e.g. via *Con**figuration->Repository objects* page.
>>
>>         For an example, please see e.g.
>>         https://wiki.evolveum.com/display/midPoint/Assignment+Configuration#AssignmentConfiguration-EntitlementAssociations.
>>
>>         But before trying that, I would strongly recommend reading
>>         about the concept of entitlements, starting here:
>>         https://wiki.evolveum.com/display/midPoint/Entitlements
>>         and then about assignments:
>>         https://wiki.evolveum.com/display/midPoint/Assignment
>>         and
>>         https://wiki.evolveum.com/display/midPoint/Assignment+Configuration
>>
>>         Anyway, if you would have any questions, we're here to help.
>>
>>         Best regards,
>>         Pavol
>>
>>         (*) Due to a bug in GUI, attribute changes are applied, but
>>         are not shown back in GUI. But they can be seen via
>>         Repository objects page. Hope we'll fix that soon.
>>         ---
>>
>>         On 22. 11. 2014 19:50, dharmendra parakh wrote:
>>>         Hi Pavol
>>>
>>>         What i have done is pretty straight forward, I have
>>>         configured a role to induce an ldap resource using GUI (PFA).
>>>
>>>         So as per my understanding when i add this resource to role
>>>         inducement all the role members will get this resource
>>>         provisioned, I have tested this and it is working very well.
>>>
>>>         Now i want to change the resource data which i provided
>>>         while adding this resource inducement to role for example
>>>         container or group assignment information. I am not sure how
>>>         can i do this.
>>>
>>>
>>>         Thanks!
>>>         Dharmendra
>>>
>>>         On Sat, Nov 22, 2014 at 10:52 PM, Pavol Mederly
>>>         <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>>
>>>             Hello Dharmendra,
>>>
>>>             I'm not sure what exactly you have done and what you
>>>             would like to achieve.
>>>
>>>             You've created a role and configured it to induce an
>>>             LDAP resource. Did you do this using a GUI or via XML?
>>>             If via GUI, please send here a screenshot what have you
>>>             done and what you want to achieve.
>>>             If via XML, please do the same (sending here appropriate
>>>             pieces of your XML configuration).
>>>
>>>             Best regards,
>>>             Pavol Mederly
>>>
>>>
>>>             On 22. 11. 2014 11:33, dharmendra parakh wrote:
>>>>             Hi Everyone
>>>>
>>>>             I just downloaded and started learning midpoint for my
>>>>             personal learning purpose. I really liked it and I am
>>>>             very excited to learn using it.
>>>>
>>>>             I have a question about inducements in midpoint.
>>>>
>>>>             I have created a role and configured it to induce a
>>>>             ldap resource with some ldap groups. Now I want to
>>>>             change the configured groups/resource information but i
>>>>             could not find the way to do it.
>>>>
>>>>             Can you help me doing this or there is no such
>>>>             implementation in midpoint currently.
>>>>             Please help me with this let me know if you need more
>>>>             information on this.
>>>>
>>>>
>>>>             Thanks
>>>>             Dharmendra Parakh
>>>>             +91-9730648544 <tel:%2B91-9730648544>
>>>>
>>>>
>>>>             _______________________________________________
>>>>             midPoint mailing list
>>>>             midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>>             http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>             _______________________________________________
>>>             midPoint mailing list
>>>             midPoint at lists.evolveum.com
>>>             <mailto:midPoint at lists.evolveum.com>
>>>             http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>>
>>>         _______________________________________________
>>>         midPoint mailing list
>>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>         _______________________________________________
>>         midPoint mailing list
>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer
  evolveum.com     evolveum.com/blog/
  _____________________________________________
  "Semper Id(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20141125/7cb57b8c/attachment.htm>

More information about the midPoint mailing list