[midPoint] assignment checking

Oskar Butovič - AMI Praha a.s. oskar.butovic at ami.cz
Thu Jun 30 15:59:39 CEST 2016


Hello Pavol,

The Employee role gives the user accounts in AD and GoogleApps. After he leaves
the company it is still desired to keep him in AD. So I made mappings which
switch the Employee role with AD and GA accounts for the ExEmployee role with
only an AD account.

---

Thanks for the advice. I will try it and mail my results.

Best Regards,

Oskar

2016-06-30 15:27 GMT+02:00 Pavol Mederly <mederly at evolveum.com>:

> Hello Oskar,
>
> I don't quite understand your situation.
>
>    1. You create a user of 'employee' type and automatically assign him
>    Employee role. OK.
>    2. Then he leaves the company.
>    3. You say that his account is cancelled by assigning ExpiredEmployee
>    role.
>
> Why don't you simply unassign the Employee role?
>
> ---
>
> But back to your question: you can simply check all directly assigned
> roles by iterating through user.getAssignment() objects (of
> AssignmentType), and selecting those with getTargetRef() != null and
> getTargetRef().getType().equals(RoleType.COMPLEX_TYPE).
>
> Best regards,
>
> Pavol
>
> On 28.06.2016 15:15, Oskar Butovič - AMI Praha a.s. wrote:
>
> Hello All,
>
> I am trying to check, in a mapping in a user template, whether the user has
> a particular role.
>
> For example, the following scenario:
> I create a new user with identityType (extension parameter) employee. I want
> to assign the Employee role to users with this type.
> After some time the employee leaves the company and his account is cancelled by
> assigning the expiredEmployee role.
>
> I understand that so far it can be done by setting
> <authoritative>true</authoritative>
>
> but I also want this role to be kept when the user is edited and his
> identityType is no longer employee.
>
> This could be done with <authoritative>false</authoritative>, but it then
> prevents the previous scenario. If I were able to check the current roles of the
> user, I could accomplish all the required behaviour
> with <authoritative>true</authoritative>.
>
> Do you have any advice or code snippet how to resolve this problem?
>
> Regards
>
> Oskar Butovič
>
> --
>
> Oskar Butovič
> solution architect
>
> gsm: [+420] 774 480 101
> e-mail: oskar.butovic at ami.cz
>
>
> AMI Praha a.s.
> Pláničkova 11
> 162 00 Praha 6
> tel.: [+420] 274 783 239
> web: www.ami.cz
>
>
> By the text of this e-mail, the signatory neither promises to conclude nor
> concludes any contract on behalf of AMI Praha a.s. Any contract, if
> concluded, must be exclusively in written form.
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint


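Added example (not part of the original thread and not Evolveum's own code): the direct-assignment check Pavol describes in the quoted reply above, as a Java helper compiled against midPoint's schema classes. The class name DirectRoleCheck and its method names are hypothetical; because it reads only user.getAssignment(), it sees directly assigned roles and nothing a user holds through another role.

```java
import java.util.LinkedHashSet;
import java.util.Set;

import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.RoleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;

/** Hypothetical helper; the class and method names are assumptions, not midPoint API. */
public final class DirectRoleCheck {

    private DirectRoleCheck() {
    }

    /** OIDs of the roles assigned directly to the user, in assignment order. */
    public static Set<String> directRoleOids(UserType user) {
        Set<String> oids = new LinkedHashSet<>();
        if (user == null) {
            return oids;
        }
        for (AssignmentType assignment : user.getAssignment()) {
            ObjectReferenceType target = assignment.getTargetRef();
            // An assignment without a targetRef (for example a resource
            // construction) does not point at a role: skip it.
            if (target == null) {
                continue;
            }
            // Constant-first equals: a reference with no type set is skipped
            // instead of throwing a NullPointerException.
            if (!RoleType.COMPLEX_TYPE.equals(target.getType())) {
                continue;
            }
            if (target.getOid() != null) {
                oids.add(target.getOid());
            }
        }
        return oids;
    }

    /** True if the role with the given OID is directly assigned to the user. */
    public static boolean hasDirectRole(UserType user, String roleOid) {
        return roleOid != null && directRoleOids(user).contains(roleOid);
    }
}
```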