[midPoint] Dynamic Role Assignment
Ivan Noris
ivan.noris at evolveum.com
Wed Mar 16 17:15:33 CET 2016
Hi Ilya,
currently - yes. But we were also considering another way of putting the
logic to the roles. I'm trying to check if there is corresponding JIRA
issue for it.
Regards,
Ivan
On 03/16/2016 04:19 PM, Дорофеев Илья wrote:
>
> Hi Ivan,
>
>
>
> What if I have plenty of employee types (say, 100) in my trusted
> identity source? Do I have to create a hundred of mappings in object
> template in order to assign a corresponding role for each
> employeeType? I anticipate the performance of clockwork will suffer in
> such a case.
>
>
>
> __________________________
>
>
>
> Ilya Dorofeev
>
>
>
> *From:*midPoint [mailto:midpoint-bounces at lists.evolveum.com] *On
> Behalf Of *Ivan Noris
> *Sent:* Saturday, March 12, 2016 8:31 PM
> *To:* midPoint General Discussion <midpoint at lists.evolveum.com>
> *Subject:* Re: [midPoint] Dynamic Role Assignment
>
>
>
> Hi Gauri,
>
>
>
> this is easily possible using Object Templates.
>
>
>
> Please refer to one or our samples for example:
>
> https://github.com/Evolveum/midpoint/blob/master/samples/objects/user-template-complex.xml
>
>
>
> <!-- RB-RBAC functionality. The Pirate role is automatically
> assigned based on the value of employeeType property -->
> <mapping>
> <source>
> <path>employeeType</path>
> </source>
> <expression>
> <value>
> <assignment>
> <targetRef
> oid="12345678-d34d-b33f-f00d-987987987988" type="RoleType"/>
> </assignment>
> </value>
> </expression>
> <target>
> <path>assignment</path>
> </target>
> <condition>
> <script>
>
> <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language
> <http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy%3C/language>>
> <code>employeeType == 'PIRATE'</code>
> </script>
> </condition>
> </mapping>
>
> Regards,
>
> Ivan
>
> ------------------------------------------------------------------------
>
> *From: *"GAURI SHIRSATH" <gauri15.shirsath at gmail.com
> <mailto:gauri15.shirsath at gmail.com>>
> *To: *midpoint at lists.evolveum.com <mailto:midpoint at lists.evolveum.com>
> *Sent: *Saturday, March 12, 2016 8:14:01 AM
> *Subject: *[midPoint] Dynamic Role Assignment
>
>
>
> Hi,
>
>
>
> Can you please guide me for how to assign a role to user
> dynamically based on some attribute value?
>
>
>
> Like, if my data is coming in to midpoint from CSV file and I want
> to assign a user role based on some attribute value.
>
>
>
>
>
> Thank you,
>
> Gauri
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
> --
>
> Ing. Ivan Noris
> Senior Identity Management Engineer & IDM Architect
> evolveum.com evolveum.com/blog/
> ___________________________________________________
> "Semper ID(e)M Vix."
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper ID(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160316/176a6872/attachment.htm>
More information about the midPoint
mailing list