[midPoint] Users and Groups in database

[Pavol Mederly]

Hello Roman,

we've recently implemented this scenario for one of our customers.

It was done via ScriptedSQL connector, as one resource, having two 
object classes:

- users
- roles

The user-role association was implemented as a multi-valued attribute 
called "roles" in the user. (It could be done also via attribute 
"users"/"members" in the role object, but we chose this way because the 
user in our case has fewer roles than there are users for a given role.)

Groovy scripts in the connector were used as a wrapper that called 
stored procedures in the database. These procedures were responsible for 
manipulating the tables, including updating user-role table based on the 
information that came in the "roles" attribute.

It is more complex than using the simple DB connector, but works nicely.

Best regards,
Pavol

On 20. 6. 2015 18:07, Roman Pudil - AMI Praha a.s. wrote:
> Hi all,
> I have 3 tables in database.
>
> 1) table with users
> 2) talbe with roles
> 3) table with users id's assigned to roles id's (M:N relation)
>
> First table and second table are connected to midPoint as two database 
> resources (DB users as identities, DB roles as midPoint roles). But 
> how to process third table to MidPoint with users to groups relations? 
> As third resource or not? How? What is best practice?
>
> Thanks for any idea!
>
> Regards!
> Roman Pudil
> AMI Praha, a.s.
> -- 
>
> Roman Pudil
> solution architect
> gsm: [+420] 775 663 666
> e-mail: roman.pudil at ami.cz
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel./fax: [+420] 274 783 239
> web: www.ami.cz
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20150620/a32421ea/attachment.htm>