[midPoint] Specifying Temporary Role/Resource To User
Ivan Noris
ivan.noris at evolveum.com
Tue Feb 17 13:44:03 CET 2015
Hi Pavan,
are you setting the validFrom / validTo attributes in user's
assignments, or somewhere else?
Temporary assignment means:
- edit user
- click the wheel icon in Assignments - Assign role
- select a role
- before saving, set the assignment's (the new role) attributes Valid
>From / Valid To (or Administrative Status)
- save
MidPoint model will evaluate the assignment parameters and should behave
accordingly. If you have validFrom date in the future, the role will be
assigned, but the resource account will not be created until validFrom
date passes. Similar for validTo.
The process evaluation is done by midPoint, running Trigger or Validity
scheduled task automatically.
By default the assigned account is invalidated by deleting. We have also
"disable instead of delete" configuration, which is per resource
configuration:
https://wiki.evolveum.com/display/midPoint/Resource+Schema+Handling%3A+Activation
Regards,
Ivan
On 02/17/2015 01:25 PM, Pavan Bule wrote:
> Hi,
>
> Thanks Ivan. I tried few things and it worked for me.
>
> My requirement is that I have one role which has one resource as an
> inducement.
> now when I assign this role to user, i am specifying the time
> limitation to role through ValidFrom and ValidTo attributes.
>
> I am expecting that the resource should be available to user after
> specified start time and should get disabled or removed after end time.
>
> But my observation is that when we specify ValidFrom and ValidTo
> attributes for making resource temporary through role, the induced
> resource is not getting added at all. But if we try same thing without
> specifying time limitation (ValidFrom and ValidTo), induced resource
> is getting added successfully.
>
> Please provide me any pointers on making resource temporary through
> role inducements.
>
>
> Regards,
> Pavan
>
> On Mon, Feb 16, 2015 at 7:21 PM, Pavan Bule <pavan.bule at confluxsys.com
> <mailto:pavan.bule at confluxsys.com>> wrote:
>
> Hi,
>
> I have recently started using midpoint for evaluation. I have a
> midpoint environment in my system configured with an ldap resource.
>
> I was trying to provide temporary Role/Resource to User.
>
> - I specified *valid from and valid to *attributes in gui while
> assigning role to user.
>
> but found out that its not working so, I wanted to ensure that is
> this functionality implemented in your current version 3.1 as I am
> using the same version.
>
> If yes please guide me whether I need to do further more
> modification to achive this functionality.
>
>
> Regards,
> Pavan
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper Id(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150217/2c0e3ff0/attachment.htm>
More information about the midPoint
mailing list