[midPoint] Assigning role to user when receiving a resource

Nicolas Rossi nrossi at identicum.com
Tue Nov 29 13:06:28 CET 2016


HI Ivan, have you seen something wrong with these configurations ?

Best regards





Ing Nicolás Rossi
Identicum S.A.
Jorge Newbery 3226
Tel: +54 (11) 4552-3050
www.identicum.com

On Fri, Nov 25, 2016 at 12:56 PM, Nicolas Rossi <nrossi at identicum.com>
wrote:

> Hi Ivan, here are the XMLs:
>
>    - ScriptedSQL-Grupo1.xml: A role with an association to an entitlement
>    - ScriptedSQL-Grupo3.xml: A role with an assignment to a MetaRole
>    - ScriptedSQL-MetaRole-1.xml: First alternative with another assignment
>    - ScriptedSQL-MetaRole-2.xml: Second alternative with an inducement to
>    Group 3
>    - ScriptedSQL-MetaRole-3.xml: Second alternative with an inducement to
>    Group 1
>
> Thanks in advance !
>
> Best regards
>
>
>
> Ing Nicolás Rossi
> Identicum S.A.
> Jorge Newbery 3226
> Tel: +54 (11) 4552-3050
> www.identicum.com
>
> On Thu, Nov 24, 2016 at 6:20 PM, Ivan Noris <ivan.noris at evolveum.com>
> wrote:
>
>> Hi Nicolas,
>>
>> can you paste the (three) attempts how the MetaRole looks, anonymized if
>> necessary? Maybe I will have an idea by looking at it.
>>
>> Regards,
>>
>> Ivan
>>
>> On 11/24/2016 09:52 PM, Nicolas Rossi wrote:
>>
>> Hi guys. We are still working on this issue. We have tried 3 alternatives
>> to achieve it. All of them working on the resource MetaRole:
>>
>> 1) Add a new association on the existing inducement constructor directly
>> to the entitlement on the resource. It works fine (entitlement is
>> provisioned) but we cannot see this assignment on the GUI.
>>
>> 2) Add an inducement to an existing role which has an assignment to the
>> resource MetaRole. I can see the assignment on the GUI but the entitlement
>> is not provisioned to the resource.
>>
>> 3) Add an inducement to an existing role which has an inducement with
>> association to the entitlement on the resource. I can see the assignment
>> on the GUI but the entitlement is not provisioned to the resource.
>>
>> Is there any other possible configuration ?
>>
>> ​Best regards,
>>>>
>>
>> Ing Nicolás Rossi
>> Identicum S.A.
>> Jorge Newbery 3226
>> Tel: +54 (11) 4552-3050
>> www.identicum.com
>>
>> On Mon, Nov 21, 2016 at 5:56 PM, Ana Pereyra <apereyra at identicum.com>
>> wrote:
>>
>>> Hi everyone,
>>>
>>> We are having the following issue:
>>>
>>> We need to assign the role B to users after being created in resource A,
>>> automatically.
>>>
>>> We are using a scripted sql driver, and a meta role for creating users
>>> and groups in the database; and role B is a group in resource A.
>>>
>>> We have been trying to assign indirectly role B to users using the meta
>>> role, with no luck. Any ideas on how to approach this?
>>>
>>> Thanks in advance.
>>> Regards
>>>
>>> --
>>> *Ana Pereyra*
>>>  Identicum S.A.
>>>
>>> *Jorge Newbery 3226, Argentina Tel: +54 (11) **4552.3050*
>>> *apereyra at identicum.com <apereyra at identicum.com>*
>>> www.identicum.com
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>
>>
>> _______________________________________________
>> midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> --
>> Ivan Noris
>> Senior Identity Engineerevolveum.com
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161129/fbfc2eda/attachment.htm>


More information about the midPoint mailing list