[midPoint] Dynamic Role Assignment
Ivan Noris
ivan.noris at evolveum.com
Wed Mar 16 17:37:03 CET 2016
I have not found the issue in JIRA, but I remember we were discussing it
at the start of December 2015.
Anyway I've created https://jira.evolveum.com/browse/MID-2840 to track
the feature.
To increase the priority of the implementation, the usual options are:
https://wiki.evolveum.com/display/midPoint/I+Need+New+Feature
Best regards,
Ivan
On 03/16/2016 04:19 PM, Дорофеев Илья wrote:
>
> Hi Ivan,
>
>
>
> What if I have plenty of employee types (say, 100) in my trusted
> identity source? Do I have to create a hundred of mappings in object
> template in order to assign a corresponding role for each
> employeeType? I anticipate the performance of clockwork will suffer in
> such a case.
>
>
>
> __________________________
>
>
>
> Ilya Dorofeev
>
>
>
> *From:*midPoint [mailto:midpoint-bounces at lists.evolveum.com] *On
> Behalf Of *Ivan Noris
> *Sent:* Saturday, March 12, 2016 8:31 PM
> *To:* midPoint General Discussion <midpoint at lists.evolveum.com>
> *Subject:* Re: [midPoint] Dynamic Role Assignment
>
>
>
> Hi Gauri,
>
>
>
> this is easily possible using Object Templates.
>
>
>
> Please refer to one or our samples for example:
>
> https://github.com/Evolveum/midpoint/blob/master/samples/objects/user-template-complex.xml
>
>
>
> <!-- RB-RBAC functionality. The Pirate role is automatically
> assigned based on the value of employeeType property -->
> <mapping>
> <source>
> <path>employeeType</path>
> </source>
> <expression>
> <value>
> <assignment>
> <targetRef
> oid="12345678-d34d-b33f-f00d-987987987988" type="RoleType"/>
> </assignment>
> </value>
> </expression>
> <target>
> <path>assignment</path>
> </target>
> <condition>
> <script>
>
> <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language
> <http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy%3C/language>>
> <code>employeeType == 'PIRATE'</code>
> </script>
> </condition>
> </mapping>
>
> Regards,
>
> Ivan
>
> ------------------------------------------------------------------------
>
> *From: *"GAURI SHIRSATH" <gauri15.shirsath at gmail.com
> <mailto:gauri15.shirsath at gmail.com>>
> *To: *midpoint at lists.evolveum.com <mailto:midpoint at lists.evolveum.com>
> *Sent: *Saturday, March 12, 2016 8:14:01 AM
> *Subject: *[midPoint] Dynamic Role Assignment
>
>
>
> Hi,
>
>
>
> Can you please guide me for how to assign a role to user
> dynamically based on some attribute value?
>
>
>
> Like, if my data is coming in to midpoint from CSV file and I want
> to assign a user role based on some attribute value.
>
>
>
>
>
> Thank you,
>
> Gauri
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>
> --
>
> Ing. Ivan Noris
> Senior Identity Management Engineer & IDM Architect
> evolveum.com evolveum.com/blog/
> ___________________________________________________
> "Semper ID(e)M Vix."
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper ID(e)M Vix."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160316/0e55ae00/attachment.htm>
More information about the midPoint
mailing list