[midPoint] ScriptedSQL connector: multiple group types
Pavol Mederly
mederly at evolveum.com
Mon Dec 19 20:38:42 CET 2016
Wojciech,
I think your original idea is OK. You can create multiple types - i.e.
object classes - in SchemaScript for your groups. Like Group1, Group2,
..., BlueGroup, RedGroup, GreenGroup, ..., DatabaseRole,
ApplicationModule, Workplace. Anything you want. As soon as you
consistently refer to them in all your scripts.
And yes, you then map these object classes to midPoint terms:
kind/intent; kind being entitlement in this case, and intents as you
like. For example, databaseRole, applicationModule, or workplace.
Pavol Mederly
Software developer
evolveum.com
On 19.12.2016 20:25, Wojciech Staszewski wrote:
> Hello!
>
> Jokes are over. My first scriptedSQL connector works like a charm (Zabbix account with group membership), so it is time for something more sophisticated.
> I've got a system, where user's access rights are set by 3 different memberships.
> First membership are database roles.
> Second are application modules available for user.
> Third type are "workplaces" (with time constraints).
> These 3 memberships are independent, each user can have for example 3 roles, 12 enabled modules and 5 workplaces.
>
> I thought that I can do multiple group types in SchemaScript and distinguish them by "intent".
> But I can't do this. I can declare only 1 CustomGroupObjectClass...
> Any advice? Thanks and regards,
> WS :)
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
More information about the midPoint
mailing list