[midPoint] Editing Role Resource Inducement
dharmendra parakh
dharm.parakh at gmail.com
Wed Nov 26 08:04:10 CET 2014
Hi Ivan/ Pavol
Thanks for the information, i tried it and it works well. but rather than
doing it at user level i would like to do it at role level.
For example:
- I change a role definition - added an additional group assignment
- Now i want to propagate this change to all the member users.
- If i go and do this at user level it is not scalable.
So is there any way where we can say recompute all the user accounts
affected by the change in role definition?
Regards
Dharmendra
On Tue, Nov 25, 2014 at 7:49 PM, Ivan Noris <ivan.noris at evolveum.com> wrote:
> Hi,
>
>
> Hi
>
> - How can we recompute the account?
> - Yes, after changing the role newly members get correct groups.
>
>
> For one single user, it should be sufficient to:
> - go to Users
> - find your user
> - click the "wheel" icon in the user line and select "Reconcile"
>
> The same should be possible for multiple selected users, using the "wheel"
> icon in the user list header (the same option "Reconcile").
>
> Be adwised, all roles assigned to selected user(s) will be recomputed.
>
> Regards,
> Ivan
>
>
> Regards
> Dharmendra
>
>
>
> On Tue, Nov 25, 2014 at 7:01 PM, Pavol Mederly <pavol.mederly at gmail.com>
> wrote:
>
>> Dharmendra,
>>
>> after changing the role, user accounts have to be recomputed for the
>> change to be applied onto the resource.
>>
>> A quick check: if you create a new user and assign him this modified
>> role, is the group membership OK for the newly created account?
>>
>> Best regards,
>> Pavol
>>
>> On 25. 11. 2014 12:14, dharmendra parakh wrote:
>>
>> Hi
>>
>> Thanks for the information, I didn't get chance to go through these
>> documents but i will look into this for sure.
>> What i understand is i can not modify the groups assigned as role
>> inducement from GUI.
>>
>> I tried changing the groups from xml but then this change is not
>> enforced to member users account. I need it for my project for which i am
>> evaluating midpoint, how can i do that?
>>
>>
>> Thanks
>> Dharmendra
>>
>>
>> On Sun, Nov 23, 2014 at 2:32 AM, Pavol Mederly <pavol.mederly at gmail.com>
>> wrote:
>>
>>> Dharmendra,
>>>
>>> thank you for the explanation.
>>>
>>> Currently, GUI allows only to change "regular" attributes of induced
>>> accounts (directly when creating the inducement, or later when editing it
>>> by clicking on "Show empty" button and changing what you need*).
>>>
>>> If you want to work with associations, you have to write it in XML, e.g.
>>> via *Con**figuration->Repository objects* page.
>>>
>>> For an example, please see e.g.
>>> https://wiki.evolveum.com/display/midPoint/Assignment+Configuration#AssignmentConfiguration-EntitlementAssociations
>>> .
>>>
>>> But before trying that, I would strongly recommend reading about the
>>> concept of entitlements, starting here:
>>> https://wiki.evolveum.com/display/midPoint/Entitlements
>>> and then about assignments:
>>> https://wiki.evolveum.com/display/midPoint/Assignment
>>> and https://wiki.evolveum.com/display/midPoint/Assignment+Configuration
>>>
>>> Anyway, if you would have any questions, we're here to help.
>>>
>>> Best regards,
>>> Pavol
>>>
>>> (*) Due to a bug in GUI, attribute changes are applied, but are not
>>> shown back in GUI. But they can be seen via Repository objects page. Hope
>>> we'll fix that soon.
>>> ---
>>>
>>> On 22. 11. 2014 19:50, dharmendra parakh wrote:
>>>
>>> Hi Pavol
>>>
>>> What i have done is pretty straight forward, I have configured a role
>>> to induce an ldap resource using GUI (PFA).
>>>
>>> So as per my understanding when i add this resource to role inducement
>>> all the role members will get this resource provisioned, I have tested this
>>> and it is working very well.
>>>
>>> Now i want to change the resource data which i provided while adding
>>> this resource inducement to role for example container or group assignment
>>> information. I am not sure how can i do this.
>>>
>>>
>>> Thanks!
>>> Dharmendra
>>>
>>> On Sat, Nov 22, 2014 at 10:52 PM, Pavol Mederly <mederly at evolveum.com>
>>> wrote:
>>>
>>>> Hello Dharmendra,
>>>>
>>>> I'm not sure what exactly you have done and what you would like to
>>>> achieve.
>>>>
>>>> You've created a role and configured it to induce an LDAP resource. Did
>>>> you do this using a GUI or via XML?
>>>> If via GUI, please send here a screenshot what have you done and what
>>>> you want to achieve.
>>>> If via XML, please do the same (sending here appropriate pieces of your
>>>> XML configuration).
>>>>
>>>> Best regards,
>>>> Pavol Mederly
>>>>
>>>>
>>>> On 22. 11. 2014 11:33, dharmendra parakh wrote:
>>>>
>>>> Hi Everyone
>>>>
>>>> I just downloaded and started learning midpoint for my personal
>>>> learning purpose. I really liked it and I am very excited to learn using it.
>>>>
>>>> I have a question about inducements in midpoint.
>>>>
>>>> I have created a role and configured it to induce a ldap resource
>>>> with some ldap groups. Now I want to change the configured groups/resource
>>>> information but i could not find the way to do it.
>>>>
>>>> Can you help me doing this or there is no such implementation in
>>>> midpoint currently.
>>>> Please help me with this let me know if you need more information on
>>>> this.
>>>>
>>>>
>>>> Thanks
>>>> Dharmendra Parakh
>>>> +91-9730648544
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
> Ing. Ivan Noris
> Senior Identity Management Engineer
> evolveum.com evolveum.com/blog/
> _____________________________________________
> "Semper Id(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20141126/0456f09b/attachment.htm>
More information about the midPoint
mailing list