[midPoint] Dynamic Role Assignment

Radovan Semancik radovan.semancik at evolveum.com
Thu Mar 17 09:33:41 CET 2016


That's right.

Our conclusion is that this would be feasible. There is probably a very 
slight performance hit, but it is more than justified by the benefits in 
manageability and flexibility. I like this idea.

However, the part of the midPoint roadmap that Evolveum is sponsoring is 
currently full. Therefore the only practical way to get this feature 
in the near future is to sponsor it or develop it yourself.

-- 
Radovan Semancik
Software Architect
evolveum.com




On 03/16/2016 05:37 PM, Ivan Noris wrote:
> I have not found the issue in JIRA, but I remember we were discussing 
> it at the start of December 2015.
> Anyway I've created https://jira.evolveum.com/browse/MID-2840 to track 
> the feature.
>
> To increase the priority of the implementation, the usual options 
> are: https://wiki.evolveum.com/display/midPoint/I+Need+New+Feature
>
> Best regards,
> Ivan
>
> On 03/16/2016 04:19 PM, Дорофеев Илья wrote:
>>
>> Hi Ivan,
>>
>> What if I have plenty of employee types (say, 100) in my trusted 
>> identity source? Do I have to create a hundred mappings in the object 
>> template in order to assign a corresponding role for each 
>> employeeType? I anticipate the performance of clockwork will suffer 
>> in such a case.
>>
>> __________________________
>>
>> Ilya Dorofeev
>>
>> *From:*midPoint [mailto:midpoint-bounces at lists.evolveum.com] *On 
>> Behalf Of *Ivan Noris
>> *Sent:* Saturday, March 12, 2016 8:31 PM
>> *To:* midPoint General Discussion <midpoint at lists.evolveum.com>
>> *Subject:* Re: [midPoint] Dynamic Role Assignment
>>
>> Hi Gauri,
>>
>> this is easily possible using Object Templates.
>>
>> Please refer to one of our samples for example:
>>
>> https://github.com/Evolveum/midpoint/blob/master/samples/objects/user-template-complex.xml
>>
>>     <!-- RB-RBAC functionality. The Pirate role is automatically
>>          assigned based on the value of employeeType property -->
>>     <mapping>
>>         <source>
>>             <path>employeeType</path>
>>         </source>
>>         <expression>
>>             <value>
>>                 <assignment>
>>                     <targetRef oid="12345678-d34d-b33f-f00d-987987987988" type="RoleType"/>
>>                 </assignment>
>>             </value>
>>         </expression>
>>         <target>
>>             <path>assignment</path>
>>         </target>
>>         <condition>
>>             <script>
>>                 <language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
>>                 <code>employeeType == 'PIRATE'</code>
>>             </script>
>>         </condition>
>>     </mapping>
>>
>> Regards,
>>
>> Ivan
>>
>> ------------------------------------------------------------------------
>>
>>     *From: *"GAURI SHIRSATH" <gauri15.shirsath at gmail.com>
>>     *To: *midpoint at lists.evolveum.com
>>     *Sent: *Saturday, March 12, 2016 8:14:01 AM
>>     *Subject: *[midPoint] Dynamic Role Assignment
>>
>>     Hi,
>>
>>     Can you please guide me for how to assign a role to user
>>     dynamically based on some attribute value?
>>
>>     Like, if my data is coming in to midpoint from CSV file and I
>>     want to assign a user role based on some attribute value.
>>
>>     Thank you,
>>
>>     Gauri
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>> -- 
>>
>>   Ing. Ivan Noris
>>   Senior Identity Management Engineer & IDM Architect
>>   evolveum.com                     evolveum.com/blog/
>>   ___________________________________________________
>>   "Semper ID(e)M Vix."
>>
>
> -- 
>    Ing. Ivan Noris
>    Senior Identity Management Engineer & IDM Architect
>    evolveum.com                     evolveum.com/blog/
>    ___________________________________________________
>    "Semper ID(e)M Vix."
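
An added example, not part of the original thread and not midPoint's own code: for the many-employee-types case raised above, the per-type mappings can be generated from one table instead of being written by hand, with each value validated before it is embedded in the Groovy condition. It assumes the namespace-less fragment shape quoted in the thread; the function names, the allowed-character pattern and every OID except the PIRATE one are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

GROOVY = "http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy"
OID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")
# Assumption: employeeType values are plain tokens. Anything else is rejected,
# so a value can never break out of the quoted Groovy literal in <code>.
TYPE_RE = re.compile(r"[A-Za-z0-9_ -]{1,64}")

# Constructed sample table (employeeType -> role OID). Only the PIRATE OID
# comes from the thread; the other two are made up.
ROLE_TABLE = {
    "PIRATE": "12345678-d34d-b33f-f00d-987987987988",
    "SAILOR": "00000000-0000-4000-8000-000000000001",
    "CAPTAIN": "00000000-0000-4000-8000-000000000002",
}

def build_mapping(employee_type, role_oid):
    """Return one <mapping> element in the shape shown in the thread."""
    if not TYPE_RE.fullmatch(employee_type):
        raise ValueError(f"unsafe employeeType value: {employee_type!r}")
    if not OID_RE.fullmatch(role_oid):
        raise ValueError(f"malformed role OID: {role_oid!r}")
    mapping = ET.Element("mapping")
    ET.SubElement(ET.SubElement(mapping, "source"), "path").text = "employeeType"
    value = ET.SubElement(ET.SubElement(mapping, "expression"), "value")
    ET.SubElement(ET.SubElement(value, "assignment"), "targetRef",
                  oid=role_oid, type="RoleType")
    ET.SubElement(ET.SubElement(mapping, "target"), "path").text = "assignment"
    script = ET.SubElement(ET.SubElement(mapping, "condition"), "script")
    ET.SubElement(script, "language").text = GROOVY
    ET.SubElement(script, "code").text = f"employeeType == '{employee_type}'"
    return mapping

def build_mappings(table):
    """Validate every row, then emit mappings in a stable (sorted) order."""
    return [build_mapping(t, oid) for t, oid in sorted(table.items())]

def render(table):
    """Serialize the generated mappings as indented XML text."""
    mappings = build_mappings(table)
    for m in mappings:
        ET.indent(m, space="    ")
    return "\n".join(ET.tostring(m, encoding="unicode") for m in mappings)

if __name__ == "__main__":
    print(render(ROLE_TABLE))
```

The output is pasted into the object template; regenerating it from the table keeps the role assignments reviewable in one place.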

