[midPoint] Unassignement ?

Tue Dec 20 11:40:58 CET 2016

Vincent,

assignmentTargetSearch most probably does not allow to set the dates. In 
the code it is quite straightforward:

ActivationType act = ...
act.setValidFrom(...)
act.setValidTo(...)
assignment.setActivation(act)

Pavol Mederly
Software developer
evolveum.com

On 20.12.2016 11:32, HURTEVENT VINCENT wrote:
> Hi Ivan,
>
> Thank you for your answer,
>
> We would like to deal with account lifecycle with the rules and 
> validity dates applied to assignment.
> How could we write our objectTemplate mapping to apply these dates ?
>
> Could we do this directly using expression and assignmentTargetSearch 
> or do we have to do this with script code as we begin to do in this 
> snippet :
>
> http://pastebin.com/ftsgzvZs
>
> Is there a method to set the validity dates ? Like 
> assignment.setValidityFrom or something like that ?
>
> Thanks !
>
>
>
>> Le 14 déc. 2016 à 11:42, Ivan Noris <ivan.noris at evolveum.com 
>> <mailto:ivan.noris at evolveum.com>> a écrit :
>>
>> Hi,
>>
>> by default, if you unassign (last) role which represents the account, 
>> the account would be deleted.
>>
>> If you assign the roles automatically in object templates, by some 
>> condition e.g. employee status, it would work automatically.
>>
>> On the other way midPoint can be configured to unassign roles, but 
>> not to delete the accounts, but disable them. Or disable them and 
>> delete later (in 30 days for example). See here: 
>> https://wiki.evolveum.com/display/midPoint/Resource+Schema+Handling%3A+Activation
>>
>> But if you wish to unassign all roles (regardless if they were 
>> assigned automatically by template or manually), this could be more 
>> complicated.
>>
>> Ivan
>>
>> On 12/14/2016 11:04 AM, HURTEVENT VINCENT wrote:
>>> Hello,
>>>
>>> We’re working on a PoC for our university with the creation of directories accounts with the informations provided by our upstream ressources (HR and student information systems).
>>>
>>> As many of our people have several profiles, mainly staff and student, it appears that working with intent is a good solution. So we began to write our process : one user, several intent, and objectTemplates which define assignments which induce accounts in downstream directories.
>>>
>>> When a people comes from upstream with a specific profile, for the exemple staff and student, we assign the staff Role and the student Role and the 2 accounts are well created in the downstream directories.
>>>
>>> Now, we would like in reaction to a deleted situation in a specific upstream ressources, to keep the user in Midpoint but unassign roles and potentially assign specific roles which could lead to specific manipulation on accounts (disable on AD, modify attributes, etc).
>>>
>>> We look at activation status but we don’t really understand how to use it with specific intent. Validity dates will be different between the staff contract dates and the student registration dates for example.
>>>
>>> Is there a simple way to define in ressources, an unassign action in reaction to a deleted situation ?
>>>
>>> Thank you,
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>> -- 
>> Ivan Noris
>> Senior Identity Engineer
>> evolveum.com <http://evolveum.com>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161220/8f49609b/attachment.htm>