[midPoint] Role-Entitlement Assignment

[Martin Marchese]

Hi All!,

I have a question on Role-Entitlement assignment:

I have an Entitlement representing LDAP groups (it does not exist in
midpoint, just in the resource, so it does not have a shadow).

I found the following example:
<assignment>
    <construction>
        <resourceRef oid="10000000-0000-0000-0000-000000000004" type=
"c:ResourceType"/>
        <kind>account</kind>
        <association>
            <ref>ri:group</ref>
            <outbound>
                <expression>
                    <value>
                        <shadowRef oid=
"20000000-0000-0000-3333-000000000001"/>
                    </value>
                </expression>
            </outbound>
        </association>
    </construction>
</assignment>

However, as I don't have the shadow created in MidPoint, I can't add the
shadow OID for reference. Is there a way to achieve this and not creating
the object within MidPoint?

Another question, as this assignment will probably be done a non-tech
customer, is there a way to do this assignment thru the UI?

Thanks in advance

*Ing. Martín Marchese*
Identicum S.A.
Anchorena 1357 PB
Tel: +54 (11) 3526.5509
mmarchese at identicum.com
www.identicum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160629/4a21223c/attachment.htm>