[midPoint] Specifying Temporary Role/Resource To User
Pavan Bule
pavan.bule at confluxsys.com
Tue Feb 17 15:34:48 CET 2015
Hi,
Thanks Ivan, it got working. I was not waiting for "Trigger Scanner" to run.
Thanks for your help.
Regards,
Pavan
On Tue, Feb 17, 2015 at 6:24 PM, Anand Kothekar <
anand.kothekar at confluxsys.com> wrote:
>
> ---------- Forwarded message ----------
> From: Ivan Noris <ivan.noris at evolveum.com>
> Date: Tue, Feb 17, 2015 at 6:14 PM
> Subject: Re: [midPoint] Specifying Temporary Role/Resource To User
> To: midpoint at lists.evolveum.com
>
>
> Hi Pavan,
>
> are you setting the validFrom / validTo attributes in user's assignments,
> or somewhere else?
>
> Temporary assignment means:
> - edit user
> - click the wheel icon in Assignments - Assign role
> - select a role
> - before saving, set the assignment's (the new role) attributes Valid From
> / Valid To (or Administrative Status)
> - save
>
> MidPoint model will evaluate the assignment parameters and should behave
> accordingly. If you have validFrom date in the future, the role will be
> assigned, but the resource account will not be created until validFrom date
> passes. Similar for validTo.
>
> The process evaluation is done by midPoint, running Trigger or Validity
> scheduled task automatically.
>
> By default the assigned account is invalidated by deleting. We have also
> "disable instead of delete" configuration, which is per resource
> configuration:
> https://wiki.evolveum.com/display/midPoint/Resource+Schema+Handling%3A+Activation
>
> Regards,
> Ivan
>
>
> On 02/17/2015 01:25 PM, Pavan Bule wrote:
>
> Hi,
>
> Thanks Ivan. I tried few things and it worked for me.
>
> My requirement is that I have one role which has one resource as an
> inducement.
> now when I assign this role to user, i am specifying the time limitation
> to role through ValidFrom and ValidTo attributes.
>
> I am expecting that the resource should be available to user after
> specified start time and should get disabled or removed after end time.
>
> But my observation is that when we specify ValidFrom and ValidTo
> attributes for making resource temporary through role, the induced resource
> is not getting added at all. But if we try same thing without specifying
> time limitation (ValidFrom and ValidTo), induced resource is getting added
> successfully.
>
> Please provide me any pointers on making resource temporary through role
> inducements.
>
>
> Regards,
> Pavan
>
> On Mon, Feb 16, 2015 at 7:21 PM, Pavan Bule <pavan.bule at confluxsys.com>
> wrote:
>
>> Hi,
>>
>> I have recently started using midpoint for evaluation. I have a
>> midpoint environment in my system configured with an ldap resource.
>>
>> I was trying to provide temporary Role/Resource to User.
>>
>> - I specified *valid from and valid to *attributes in gui while
>> assigning role to user.
>>
>> but found out that its not working so, I wanted to ensure that is this
>> functionality implemented in your current version 3.1 as I am using the
>> same version.
>>
>> If yes please guide me whether I need to do further more modification
>> to achive this functionality.
>>
>>
>> Regards,
>> Pavan
>>
>
>
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
> Ing. Ivan Noris
> Senior Identity Management Engineer & IDM Architect
> evolveum.com evolveum.com/blog/
> ___________________________________________________
> "Semper Id(e)M Vix."
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150217/8891b1d4/attachment.htm>
More information about the midPoint
mailing list