[midPoint] ScriptedSQL connector: multiple group types
Wojciech Staszewski
wojciech.staszewski at diagnostyka.pl
Tue Dec 20 16:44:47 CET 2016
Hello again!
Is it possible, and how, to configure group memberships (associations), each with different time constraints?
A user may have multiple "workplaces" assigned; each workplace must have its own time constraint. Example:
user "jdoe" has:
- workplace "Serology lab 1" from 2015.04.01 to 2016.12.31
- workplace "Microbiology lab 2" from 2015.05.05 to 2017.05.05
- and workplace "Analytics lab 1" from 2012.01.01 to 2020.12.31
Is that possible to do?
Best regards,
WS
On 19.12.2016 at 21:53, Wojciech Staszewski wrote:
> Thanks!
>
> So then, it shouldn't be so hard.
> Best regards!
>
> On Monday, 19 December 2016 20:38:42 CET Pavol Mederly wrote:
>> Wojciech,
>>
>> I think your original idea is OK. You can create multiple types - i.e.
>> object classes - in SchemaScript for your groups. Like Group1, Group2,
>> ..., BlueGroup, RedGroup, GreenGroup, ..., DatabaseRole,
>> ApplicationModule, Workplace. Anything you want. As soon as you
>> consistently refer to them in all your scripts.
>>
>> And yes, you then map these object classes to midPoint terms:
>> kind/intent; kind being entitlement in this case, and intents as you
>> like. For example, databaseRole, applicationModule, or workplace.
>>
>> Pavol Mederly
>> Software developer
>> evolveum.com
>>
>> On 19.12.2016 20:25, Wojciech Staszewski wrote:
>>> Hello!
>>>
>>> Jokes are over. My first scriptedSQL connector works like a charm (Zabbix account with group membership), so it is time for something more sophisticated.
>>> I've got a system, where user's access rights are set by 3 different memberships.
>>> First membership are database roles.
>>> Second are application modules available for user.
>>> Third type are "workplaces" (with time constraints).
>>> These 3 memberships are independent, each user can have for example 3 roles, 12 enabled modules and 5 workplaces.
>>>
>>> I thought that I can do multiple group types in SchemaScript and distinguish them by "intent".
>>> But I can't do this. I can declare only 1 CustomGroupObjectClass...
>>> Any advice? Thanks and regards,
>>> WS :)
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>
>
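The mapping described in the quoted reply, sketched as a resource `schemaHandling` fragment. This is an added illustration, not configuration from the thread or from the midPoint project. It assumes that SchemaScript declares object classes named `DatabaseRole`, `ApplicationModule` and `Workplace`, that they surface in the resource schema as `ri:Custom...ObjectClass` (following the `CustomGroupObjectClass` name mentioned in the thread), that the `ri:` and `icfs:` prefixes are declared on the resource, and that the account carries three hypothetical multi-valued attributes holding the membership names.

```xml
<!-- Added example: attribute names, association names and the
     subjectToObject direction are assumptions, not taken from the thread. -->
<schemaHandling>
    <objectType>
        <kind>account</kind>
        <intent>default</intent>
        <default>true</default>
        <objectClass>ri:AccountObjectClass</objectClass>
        <association>
            <ref>ri:databaseRole</ref>
            <kind>entitlement</kind>
            <intent>databaseRole</intent>
            <direction>subjectToObject</direction>
            <associationAttribute>ri:databaseRoles</associationAttribute>
            <valueAttribute>icfs:name</valueAttribute>
        </association>
        <association>
            <ref>ri:applicationModule</ref>
            <kind>entitlement</kind>
            <intent>applicationModule</intent>
            <direction>subjectToObject</direction>
            <associationAttribute>ri:applicationModules</associationAttribute>
            <valueAttribute>icfs:name</valueAttribute>
        </association>
        <association>
            <ref>ri:workplace</ref>
            <kind>entitlement</kind>
            <intent>workplace</intent>
            <direction>subjectToObject</direction>
            <associationAttribute>ri:workplaces</associationAttribute>
            <valueAttribute>icfs:name</valueAttribute>
        </association>
    </objectType>
    <!-- One entitlement object type per custom object class; the intent tells them apart -->
    <objectType>
        <kind>entitlement</kind>
        <intent>databaseRole</intent>
        <objectClass>ri:CustomDatabaseRoleObjectClass</objectClass>
    </objectType>
    <objectType>
        <kind>entitlement</kind>
        <intent>applicationModule</intent>
        <objectClass>ri:CustomApplicationModuleObjectClass</objectClass>
    </objectType>
    <objectType>
        <kind>entitlement</kind>
        <intent>workplace</intent>
        <objectClass>ri:CustomWorkplaceObjectClass</objectClass>
    </objectType>
</schemaHandling>
```

Keeping the three memberships as separate intents means each access dimension can be granted, reviewed and revoked independently instead of being folded into one generic group list.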