[midPoint] Dynamic Role Assignment

Wed Mar 16 16:19:43 CET 2016

Hi Ivan,

What if I have plenty of employee types (say, 100) in my trusted identity source? Do I have to create a hundred of mappings in object template in order to assign a corresponding role for each employeeType? I anticipate the performance of clockwork will suffer in such a case.

__________________________

Ilya Dorofeev

From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Ivan Noris
Sent: Saturday, March 12, 2016 8:31 PM
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Dynamic Role Assignment

Hi Gauri,

this is easily possible using Object Templates.

Please refer to one or our samples for example:
https://github.com/Evolveum/midpoint/blob/master/samples/objects/user-template-complex.xml

    <!-- RB-RBAC functionality. The Pirate role is automatically assigned based on the value of employeeType property -->
    <mapping>
        <source>
                <path>employeeType</path>
        </source>
        <expression>
            <value>
                <assignment>
                                        <targetRef oid="12345678-d34d-b33f-f00d-987987987988" type="RoleType"/>
                                </assignment>
            </value>
        </expression>
        <target>
                <path>assignment</path>
        </target>
        <condition>
                <script>
                <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
                <code>employeeType == 'PIRATE'</code>
            </script>
                </condition>
    </mapping>
Regards,
Ivan
________________________________
From: "GAURI SHIRSATH" <gauri15.shirsath at gmail.com<mailto:gauri15.shirsath at gmail.com>>
To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
Sent: Saturday, March 12, 2016 8:14:01 AM
Subject: [midPoint] Dynamic Role Assignment

Hi,

Can you please guide me for how to assign a role to user dynamically based on some attribute value?

Like, if my data is coming in to midpoint from CSV file and I want to assign a user role based on some attribute value.

Thank you,
Gauri

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint

--
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160316/06767bd0/attachment.htm>