[midPoint] Prohibit having particular assignments

Radovan Semancik radovan.semancik at evolveum.com
Tue May 19 15:01:34 CEST 2015


Hi Ilya,

This works a bit differently in midPoint. We do not have separate
policies for automatic assignment and unassignment. These are the same.
Therefore simply use a mapping in the user template that automatically adds an
assignment. And specify a condition for when the user should have such an
assignment. E.g.

<objectTemplate>
   ...
   <mapping>
      <expression> .... assignment here ... </expression>
      <target><path>assignment</path></target>
      <condition>
         <script>
             <code>employeeType == 'active'</code>
         </script>
      </condition>
   </mapping>
</objectTemplate>

Now, this works both for assignment and unassignment. If this user does
not have such an assignment and his employeeType changes to 'active' then
the assignment will be added. But if the user already has
employeeType='active' and this changes to something else then the
assignment will be removed.

MidPoint works with relative changes. This means that after every change
in user attributes midPoint recomputes all the mappings and figures out
what the resulting (secondary) changes are. E.g. if employeeType
attribute changes from 'active' to 'inactive' then midPoint realizes 
that the condition in this particular mapping changes from true to 
false. Which means that the user should have the assignment given by 
this mapping before the change, but this user should NOT have the 
assignment after the change. Therefore midPoint removes the assignment.

-- 

                                            Radovan Semancik
                                           Software Architect
                                              evolveum.com




On 05/18/2015 01:02 PM, Илья Дорофеев wrote:
>
> Hi,
>
> I would like to adjust a policy that will automatically revoke all
> user's assignments (or just some of them selected by a rule) in
> accordance with particular values of some user properties. For
> instance, I would like all fired users to have their assignments
> revoked. I didn't find any mention in the docs of how it is supposed to
> be configured.
>
> Thanks in advance,
>
> Ilya Dorofeev
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
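
The relative-change evaluation described in the reply above, as an added Python model that is not part of the original thread and is not midPoint code. The `Mapping` class, the function names and the role names are hypothetical; only the `employeeType == 'active'` condition comes from the message.

```python
"""Toy model of condition-driven assignment deltas (illustration, not midPoint code)."""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Set

User = Dict[str, str]


@dataclass(frozen=True)
class Mapping:
    produces: str                      # assignment this mapping yields (hypothetical name)
    condition: Callable[[User], bool]  # evaluated against the user's attributes


def secondary_delta(mapping: Mapping, old: User, new: User) -> Dict[str, Set[str]]:
    """Compare the condition before and after the primary change."""
    was, now = mapping.condition(old), mapping.condition(new)
    delta: Dict[str, Set[str]] = {"add": set(), "delete": set()}
    if now and not was:
        delta["add"].add(mapping.produces)      # false -> true: assign
    elif was and not now:
        delta["delete"].add(mapping.produces)   # true -> false: unassign
    return delta                                # unchanged condition: empty delta


def apply_change(mappings: Iterable[Mapping], assignments: Set[str],
                 old: User, new: User) -> Set[str]:
    """Apply every mapping's secondary delta to the current assignments."""
    result = set(assignments)
    for m in mappings:
        d = secondary_delta(m, old, new)
        result = (result | d["add"]) - d["delete"]
    return result


# Constructed sample data: one template mapping and one user.
MAPPINGS = [Mapping("role:Employee", lambda u: u.get("employeeType") == "active")]

if __name__ == "__main__":
    before = {"employeeType": "active"}
    after = {"employeeType": "inactive"}
    held = {"role:Employee", "role:ProjectX"}   # ProjectX was assigned by hand
    print(apply_change(MAPPINGS, held, before, after))   # only ProjectX remains
    print(apply_change(MAPPINGS, set(), after, before))  # Employee is added back
```

In this model an assignment that no mapping produces is left untouched when the condition flips, which is worth checking for when the goal is to revoke everything a departed user holds.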

