[midPoint] Link user to another user

[Radovan Semancik]

Hi,

If you really want to do this then what you need is to create an 
extension of user schema and define a custom object reference there. Or 
simply reference the users by their identifiers using custom string 
property.

However, specifying managers as user-user relation is a very problematic 
approach. E.g. if you want to replace a manager you will need to change 
a lot of user records. That may interfere with approvals and 
notifications, it will most likely complicate authorization schemes and 
pollute audit logs. Yes, this was a recommended way in some old IDM 
systems. But I would consider this approach to be an anti-pattern. And a 
particularly ugly one. That is the reason that this approach is not 
implemented in midPoint out-of-the-box. There is much better way.

MidPoint has a very rich functionality regarding organizational 
structure management. It is much better idea to use these features. The 
you would place users into organizational units and specify managers for 
those units. This is well supported in midPoint core and also in GUI. 
Changes in managers are much easier to do. There are also methods 
prepared to evaluate management chains in this case. And you can also 
support cases such as several managers for single org unit and so on.

-- 
Radovan Semancik
Software Architect
evolveum.com



On 08/24/2016 05:06 PM, mariano marron wrote:
> Hi everyone. I want to reference an user to another by setting an 
> attribute such as "manager" to a user. Any available information on 
> this matter? Thanks in advance.
>
> Mariano
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160824/c793f345/attachment.htm>