[midPoint] Group Memberships In ScriptSQL Question

Martin Marchese mmarchese at identicum.com
Tue Sep 13 16:01:45 CEST 2016 

Hi All,

We were running some tests with the ScriptedSQL connector in order to
manage group membership in a database.

Our DB model has the following tables:

USERS
GROUPS
USERGROUPS

Assigning the resource to a User, executes the create script and we use
that to create the user in the USERS table.

Adding a Role to a user already linked (which has the resource meta-rol
assigned) execute the UPDATE script with the ADD_ATTRIBUTES_VALUE action
and we use that script to add a record into the USERGROUPS table. Similar
behaviour when we remove the role to the user, but in this case with a
REMOVE_ATTRIBUTE_VALUES action.

Finallly, we tested the following case:

User not linked nor assigned the Resource. We assign the Group Role, which
creates the user in the USERS table (CreateScript) and adds the
corresponding record to the USERGROUPS table (UpdateScript with
ADD_ATTRIBUTE_VALUE action).

Without doing any other assignment to the user, we remove the Group Role.
In this case, after verifying the group and user existance (with the
SearcScript), we found out that the connector executes the DeleteScript in
order to manage User deletion. But it does not do anything with the group
membership.

The behaviour that we are trying to accomplish is the following: Once the
user loose the last group, remove the user from that group but leave it
created (and disabled) within the database.
Yes, we could process this within the delete script, but in a real Delete
(when a user is being deleted but it has many group assignments within the
DB), we would like to disable the user, without removing the group
memberships.

Is this possible or is not how the connector works?

Thanks in advance

*Ing. Martín Marchese*
Identicum S.A.
Jorge Newbery 3226
Tel: +54 (11) 4552-3050
mmarchese at identicum.com
www.identicum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160913/6f071fb2/attachment.htm>

More information about the midPoint mailing list