[midPoint] Transform links -> assignments
Radovan Semancik
radovan.semancik at evolveum.com
Tue Jul 28 12:26:04 CEST 2015
Hi,
Yes. There are many options.
The simplest is to use "legalize" feature. If set to true then the
illegal resource objects (e.g. accounts) will be made legal. Illegal
resource object is a linked resource object for which there is no
assignment. If this option is set to true then it will automatically add
a (direct) assignment for this object.
See ProjectionPolicyType in common-3.xsd.
This will add direct assignment with a construction (not a role).
If you want to add a role then the best way is to use user template,
mapping for assignment property and a proper condition. There are
sctript functions that you can use to determine is the link exists,
(e.g. midpoint.hasLinkedAccount(...)) and whether assignment exists
(e.g. midpoint.isDirectlyAssigned(...)). You might also use the isLegal
propert of LensElementContext ... but I don't think anyone tried this.
In this case please take care to set your user template mapping to
evaluationPhase=afterAssignments as the user template is normally
evaluated before assignments and the isLegal flag is set during
assignment evaluation. This may also be tricky because assignment added
by evaluationPhase=afterAssignments will not be evaluated again ... but
as this is legalization case it might work for you.
--
Radovan Semancik
Software Architect
evolveum.com
On 07/27/2015 10:23 PM, Martin Lízner - AMI Praha a.s. wrote:
> Hi, just quick question. Is there a tool/piece of code/task etc. that
> can transform user's resource links (e.g. loaded with reconc.) to
> assignments? Thank You, Martin
>
> Martin Lízner
> solution architect
>
> gsm: [+420] 737 745 571
> e-mail: martin.lizner at ami.cz <mailto:jmeno.prijmeni at ami.cz>
>
>
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel.: [+420] 274 783 239
> web: www.ami.cz <http://www.ami.cz/>
>
>
>
>
> <http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/audit-roli-a-opravneni-sap>
>
>
> Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
> společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
> výhradně písemnou formu.
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150728/3bcd6775/attachment.htm>
More information about the midPoint
mailing list