[midPoint] Specifying Temporary Role/Resource To User

Ivan Noris ivan.noris at evolveum.com
Tue Feb 17 16:07:20 CET 2015


Hi Pavan,

if I remember correctly, the task is being executed every 15 minutes or
so by default.

If you try the administrative status setting in the assignment
(enable/disable), it's applied immediately.

Be sure to check the wiki page with "Disable instead of delete" to have
a more user-friendly solution. That feature applies every time the
assignment is removed/disabled, so unless you explicitly delete the
account from midpoint, it will stay disabled (not removed) even if you
remove all user roles providing that account.

Regards,
Ivan

On 02/17/2015 03:34 PM, Pavan Bule wrote:
> Hi,
>
> Thanks Ivan, it got working. I was not waiting for "Trigger Scanner"
> to run.
>
> Thanks for your help.
>
>
>
> Regards,
> Pavan  
>
> On Tue, Feb 17, 2015 at 6:24 PM, Anand Kothekar
> <anand.kothekar at confluxsys.com> wrote:
>
>
>     ---------- Forwarded message ----------
>     From: Ivan Noris <ivan.noris at evolveum.com>
>     Date: Tue, Feb 17, 2015 at 6:14 PM
>     Subject: Re: [midPoint] Specifying Temporary Role/Resource To User
>     To: midpoint at lists.evolveum.com
>
>
>     Hi Pavan,
>
>     are you setting the validFrom / validTo attributes in user's
>     assignments, or somewhere else?
>
>     Temporary assignment means:
>     - edit user
>     - click the wheel icon in Assignments - Assign role
>     - select a role
>     - before saving, set the assignment's (the new role) attributes
>     Valid From / Valid To (or Administrative Status)
>     - save
>
>     MidPoint model will evaluate the assignment parameters and should
>     behave accordingly. If you have validFrom date in the future, the
>     role will be assigned, but the resource account will not be
>     created until validFrom date passes. Similar for validTo.
>
>     The process evaluation is done by midPoint, running Trigger or
>     Validity scheduled task automatically.
>
>     By default the assigned account is invalidated by deleting. We
>     have also "disable instead of delete" configuration, which is per
>     resource configuration:
>     https://wiki.evolveum.com/display/midPoint/Resource+Schema+Handling%3A+Activation
>
>     Regards,
>     Ivan
>
>
>     On 02/17/2015 01:25 PM, Pavan Bule wrote:
>>     Hi,
>>
>>     Thanks Ivan. I tried a few things and it worked for me.
>>
>>     My requirement is that I have one role which has one resource as
>>     an inducement.
>>     Now when I assign this role to user, I am specifying the time
>>     limitation to role through ValidFrom and ValidTo attributes.
>>
>>     I am expecting that the resource should be available to user
>>     after specified start time and should get disabled or removed
>>     after end time.
>>
>>     But my observation is that when we specify ValidFrom and
>>     ValidTo attributes for making resource temporary through role,
>>     the induced resource is not getting added at all. But if we try
>>     same thing without specifying time limitation (ValidFrom and
>>     ValidTo), induced resource is getting added successfully.
>>
>>     Please provide me any pointers on making resource temporary
>>     through role inducements.
>>
>>
>>     Regards,
>>     Pavan 
>>
>>     On Mon, Feb 16, 2015 at 7:21 PM, Pavan Bule
>>     <pavan.bule at confluxsys.com> wrote:
>>
>>         Hi,
>>
>>         I have recently started using midpoint for evaluation. I have
>>         a midpoint environment in my system configured with an ldap
>>         resource.
>>
>>         I was trying to provide temporary Role/Resource to User.
>>
>>         - I specified valid from and valid to attributes in GUI
>>         while assigning role to user.
>>
>>         But I found out that it's not working, so I wanted to ensure
>>         that this functionality is implemented in your current
>>         version 3.1, as I am using the same version.
>>
>>         If yes, please guide me on whether I need to do any further
>>         modification to achieve this functionality.
>>
>>
>>         Regards,
>>         Pavan
>>
>>
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>     -- 
>       Ing. Ivan Noris
>       Senior Identity Management Engineer & IDM Architect
>       evolveum.com <http://evolveum.com>                     evolveum.com/blog/ <http://evolveum.com/blog/>
>       ___________________________________________________
>       "Semper Id(e)M Vix."
>
>

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper Id(e)M Vix."
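
Added example (not part of the original thread, and not midPoint code): a simplified Python model of the behaviour described above, where validFrom/validTo only take effect when the scheduled scanner task next runs. It shows how long an account can outlive validTo; the fixed 15-minute interval, the scanner start time and the sample dates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumption: fixed-interval scanner; the thread recalls "every 15 minutes or so".
SCAN_INTERVAL = timedelta(minutes=15)
# Constructed sample values, not taken from any real deployment.
FIRST_SCAN = datetime(2015, 2, 17, 16, 0)


@dataclass
class Assignment:
    valid_from: datetime
    valid_to: datetime


SAMPLE = Assignment(valid_from=datetime(2015, 2, 18, 9, 5),
                    valid_to=datetime(2015, 2, 18, 17, 50))


def next_scan(at, first_scan=FIRST_SCAN, interval=SCAN_INTERVAL):
    """Return the first scanner run at or after `at`."""
    if at <= first_scan:
        return first_scan
    runs = -(-(at - first_scan) // interval)  # ceiling division on timedeltas
    return first_scan + runs * interval


def account_timeline(a, disable_instead_of_delete=False):
    """Model when the resource account changes state for a timed assignment.

    The account appears at the first scan after validFrom. At the first scan
    after validTo it is deleted (the default described in the thread) or
    disabled (with the per-resource "disable instead of delete" setting).
    """
    end_state = "disabled" if disable_instead_of_delete else "deleted"
    return [(next_scan(a.valid_from), "created"),
            (next_scan(a.valid_to), end_state)]


def revocation_lag(a):
    """Time the account stays usable after validTo, waiting for the scanner."""
    return next_scan(a.valid_to) - a.valid_to


if __name__ == "__main__":
    for when, state in account_timeline(SAMPLE):
        print(when.isoformat(), state)
    print("access outlives validTo by", revocation_lag(SAMPLE))
```

In this model the lag is always shorter than one scan interval, so when access must end at an exact time, set validTo with that margin in mind or use the administrative status, which the reply above says is applied immediately.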
