[midPoint] ROLES LOOKUP TABLES
Ivan Noris
ivan.noris at evolveum.com
Mon Oct 31 08:28:33 CET 2016
Hi Carlos,
yes it can be configured using GUI that's why I didn't paste an example.
But for reference, it's this:
...
<defaultObjectPolicyConfiguration>
<type>c:RoleType</type>
<objectTemplateRef oid="00000000-dc00-dc00-0002-000000000003"/>
</defaultObjectPolicyConfiguration>
...
Best regards,
Ivan
On 10/31/2016 12:26 AM, Carlos Ferreira wrote:
> Hi Ivan,
>
>
> Through the option Configuration->System, I figured out how to
> configure Role and Org templates.
>
>
> Thks a lot,
>
>
> Carlos
>
> 2016-10-30 19:29 GMT-02:00 Carlos Ferreira <carlos18619 at gmail.com
> <mailto:carlos18619 at gmail.com>>:
>
> Hi Ivan,
>
> Indeed, it is not configured in System Configuration.
>
> I have configured a template for user object, as follows:
>
> <defaultUserTemplateRef
> xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3
> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>"
> oid="c0c010c0-d34d-b33f-f00d-777222222222"
> type="tns:ObjectTemplateType"><!--
> Default User Template2 --></defaultUserTemplateRef>
>
> I tried (because I did not see any reference in the wiki),
> something like this for roles
>
> <defaultRoleTemplateRef
> xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3
> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>"
> oid="c0c010c0-d34d-c33f-f00d-777222222222"
> type="tns:ObjectTemplateType"><!--
> Default Role Template2 --></defaulRoleTemplateRef>
>
> but I've got an error.
>
> Would you, please, show me the snippet necessary to accomplish that?
>
> Tks,
>
>
> Carlos
>
>
> 2016-10-30 17:54 GMT-02:00 Ivan Noris <ivan.noris at evolveum.com
> <mailto:ivan.noris at evolveum.com>>:
>
> Hi Carlos,
>
> quick question before I can get to anything else: is your role
> object template configured in System configuration object?
> I.e. is it used at all?
>
> I'm using lookup tables for similar purposes for both Orgs and
> Users, but not for Roles; but I believe they all should work
> the same.
>
> Ivan
>
>
> On 10/29/2016 03:44 PM, Carlos Ferreira wrote:
>> Hi,
>>
>> I have a "Role Template" (taken from Midpoint Wiki), as follows:
>>
>> <objectTemplate
>> xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3
>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>"
>>
>> xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3
>> <http://prism.evolveum.com/xml/ns/public/query-3>"
>>
>> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3
>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>"
>>
>> xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3
>> <http://prism.evolveum.com/xml/ns/public/types-3>"
>>
>> xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3
>> <http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3>"
>>
>> xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3
>> <http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>"
>> oid="10000000-0000-0000-0000-000000000241"
>> version="0">
>> <name>Role Template</name>
>> <metadata>
>>
>> <createTimestamp>2016-10-29T09:30:35.745-02:00</createTimestamp>
>> <creatorRef oid="00000000-0000-0000-0000-000000000002"
>> type="c:UserType"><!-- administrator --></creatorRef>
>>
>> <createChannel>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport
>> <http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport></createChannel>
>> </metadata>
>> <item>
>> <c:ref>roleType</c:ref>
>> <valueEnumerationRef
>> oid="d5fa5e92-e450-11e4-b281-001e8c717e5b"/>
>> </item>
>> <mapping>
>> <name>Responsibility metarole assignment</name>
>> <authoritative>true</authoritative>
>> <strength>strong</strength>
>> <source>
>> <c:path
>> xmlns:ext="http://midpoint.evolveum.com/xml/ns/story/orgsync/ext
>> <http://midpoint.evolveum.com/xml/ns/story/orgsync/ext>">extension/ext:responsibility</c:path>
>> </source>
>> <expression>
>> <assignmentTargetSearch>
>> <targetType>c:RoleType</targetType>
>> <oid>10000000-0000-0000-0000-000000006602</oid>
>> </assignmentTargetSearch>
>> </expression>
>> <target>
>> <c:path>assignment</c:path>
>> </target>
>> <condition>
>> <script>
>> <code>responsibility as Boolean</code>
>> </script>
>> </condition>
>> </mapping>
>> </objectTemplate>
>>
>>
>> 2. I have a lookup table to list the possibilities for the
>> "role type" attribute:
>>
>>
>> <lookupTable
>> xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3
>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>"
>>
>> xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3
>> <http://prism.evolveum.com/xml/ns/public/query-3>"
>>
>> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3
>> <http://midpoint.evolveum.com/xml/ns/public/common/common-3>"
>>
>> xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3
>> <http://prism.evolveum.com/xml/ns/public/types-3>"
>>
>> xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3
>> <http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3>"
>>
>> xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3
>> <http://midpoint.evolveum.com/xml/ns/public/resource/instance-3>"
>> oid="d5fa5e92-e450-11e4-b281-001e8c717e5b"
>> version="0">
>> <name>Role Types</name>
>> <metadata>
>>
>> <createTimestamp>2016-10-29T09:36:04.102-02:00</createTimestamp>
>> <creatorRef oid="00000000-0000-0000-0000-000000000002"
>> type="c:UserType"><!-- administrator --></creatorRef>
>>
>> <createChannel>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport
>> <http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport></createChannel>
>> </metadata>
>> <row id="2">
>> <key>application</key>
>> <label>Application</label>
>>
>> <lastChangeTimestamp>2016-10-29T09:36:04.138-02:00</lastChangeTimestamp>
>> </row>
>> <row id="4">
>> <key>business</key>
>> <label>Business</label>
>>
>> <lastChangeTimestamp>2016-10-29T09:36:04.138-02:00</lastChangeTimestamp>
>> </row>
>> <row id="3">
>> <key>it</key>
>> <label>IT</label>
>>
>> <lastChangeTimestamp>2016-10-29T09:36:04.138-02:00</lastChangeTimestamp>
>> </row>
>> <row id="1">
>> <key>system</key>
>> <label>System</label>
>>
>> <lastChangeTimestamp>2016-10-29T09:36:04.138-02:00</lastChangeTimestamp>
>> </row>
>> </lookupTable>
>>
>>
>> 3. However, when I try do add a new role, I cannot see the
>> lookup table options while filling the "role type" attribute.
>> What is missing?
>>
>>
>> Carlos Antonio Ferreira
>> Tribunal Regional do Trabalho da 3ª Região
>> MG Brasil
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>> <http://lists.evolveum.com/mailman/listinfo/midpoint>
>
> --
> Ivan Noris
> Senior Identity Engineer
> evolveum.com <http://evolveum.com>
>
> _______________________________________________ midPoint
> mailing list midPoint at lists.evolveum.com
> <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
> <http://lists.evolveum.com/mailman/listinfo/midpoint>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ivan Noris
Senior Identity Engineer
evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161031/2e91b5d5/attachment.htm>
More information about the midPoint
mailing list