[midPoint] ScriptedSQL - add/remove entitlements
Wojciech Staszewski
wojciech.staszewski at diagnostyka.pl
Tue Dec 13 18:30:22 CET 2016
Thank you very much!
Regards, WS
On Monday, 12 December 2016 21:45:00 CET Nicolas Rossi wrote:
> Hi, you have to add the association between Users and Groups. It's
> something like this:
>
> <association>
>     <ref>ri:GroupObjectClass</ref>
>     <kind>entitlement</kind>
>     <intent>default</intent>
>     <tolerant>false</tolerant>
>     <direction>subjectToObject</direction>
>     <associationAttribute>ri:groups</associationAttribute>
>     <valueAttribute>icfs:uid</valueAttribute>
>     <shortcutAssociationAttribute>ri:members</shortcutAssociationAttribute>
>     <shortcutValueAttribute>icfs:uid</shortcutValueAttribute>
> </association>
>
> You can find more information about the association and the tolerant
> parameter here:
> https://wiki.evolveum.com/display/midPoint/Entitlements#Entitlements-AssociationDefinition
>
> Inside your Update script the operation should be ADD_ATTRIBUTE_VALUE for
> objectClass __ACCOUNT__ and the attribute received should be "groups":
>
> case "ADD_ATTRIBUTE_VALUES":
>     if (objectClass == "__ACCOUNT__")
>     {
>         for (String group : attributes.get("groups"))
>         {
>             // Check whether the user already has this group
>             def existingEntitlement = sql.rows("SELECT 1 FROM UserGroups WHERE user_id=? AND group_id=?", [uid as String, group as String]);
>             if (existingEntitlement.isEmpty())
>             {
>                 log.info("Sample - Adding entitlement ${group} to user ${uid}");
>                 // Bind uid and group as parameters rather than concatenating them into the SQL text
>                 sql.execute("insert into UserGroups (user_id, group_id) values (?, ?)", [uid as String, group as String]);
>             }
>             else
>             {
>                 log.info("Sample - Skipping assignment because user ${uid} already has group ${group}");
>             }
>         }
>     }
>     break;
>
> You should also handle the REMOVE_ATTRIBUTE_VALUES with the same logic.
> Radovan and Ivan helped us a few weeks ago with the ScriptedSQL
> resource. You can find the conversation in the mailing list. I am sure it
> will help you too.
>
> Regards,
>
> Ing Nicolás Rossi
> Identicum S.A.
> Jorge Newbery 3226
> Tel: +54 (11) 4552-3050
> www.identicum.com
>
> On Mon, Dec 12, 2016 at 7:11 PM, Wojciech Staszewski <wojciech.staszewski at diagnostyka.pl> wrote:
>
> > Hello,
> >
> > I'm playing with ScriptedSQL resource, based on Evolveum example from
> > Github.
> > I'm able to list/add/remove users/groups and enable/disable accounts.
> > Great.
> > But now I want to apply an assignment (a group) to user. Unfortunately
> > "Update_Script.groovy" is incomplete,
> > ADD_ATTRIBUTE_VALUES and REMOVE_ATTRIBUTE_VALUES cases are empty.
> > Where can I find some examples?
> >
> > Thanks a lot!
> > WS
>
--
Wojciech Staszewski
Network Systems Administrator
IT Department
DIAGNOSTYKA
Spółka z ograniczoną odpowiedzialnością
ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
tel.: +48 12 295 01 00
fax: +48 12 295 01 02
mobile: 663 680 236
www.diag.pl
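
Added example (not part of the thread and not Evolveum's sample code): one way to handle both ADD_ATTRIBUTE_VALUES and REMOVE_ATTRIBUTE_VALUES for the "groups" attribute with every value bound as a query parameter. It assumes the UserGroups(user_id, group_id) table and the sql, uid, objectClass and attributes variables from the quoted snippet; the action variable name and the applyGroupDelta helper are hypothetical.

```groovy
// Added example: not code from this thread or from the Evolveum sample.
// Assumed: a groovy.sql.Sql instance and the UserGroups(user_id, group_id)
// table used in the quoted snippet. applyGroupDelta is a hypothetical helper.

/** Apply one entitlement delta for an account; returns the rows changed. */
int applyGroupDelta(sql, String action, String uid, Collection groups) {
    int changed = 0
    for (group in groups) {
        // Values are always bound as parameters, never placed in the SQL text,
        // so a group name containing quotes or SQL keywords stays plain data.
        def params = [uid, group as String]
        switch (action) {
            case "ADD_ATTRIBUTE_VALUES":
                def existing = sql.rows("SELECT 1 FROM UserGroups WHERE user_id=? AND group_id=?", params)
                if (existing.isEmpty()) {
                    changed += sql.executeUpdate("INSERT INTO UserGroups (user_id, group_id) VALUES (?, ?)", params)
                }
                break
            case "REMOVE_ATTRIBUTE_VALUES":
                // DELETE is idempotent: removing a missing membership changes 0 rows.
                changed += sql.executeUpdate("DELETE FROM UserGroups WHERE user_id=? AND group_id=?", params)
                break
            default:
                throw new IllegalArgumentException("Unsupported action: ${action}")
        }
    }
    return changed
}

// In the update script (variable names assumed to match the quoted snippet):
// if (objectClass == "__ACCOUNT__" && attributes.get("groups") != null) {
//     applyGroupDelta(sql, action, uid as String, attributes.get("groups"))
// }
```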