[midPoint] Separate users?

Thu Feb 2 16:58:01 CET 2017

Hi,

just a quick idea/concept:

1. you don't need to use User list (just disable access to that page
using GUI authorizations)

2. you can use organizational structure/tree. I'm using a separate org.
structure with only 3 orgs: Former employees; Active employees and
Inactive employees. I'm automatically assigning users to one of these
organizations using Object Template. (You can still have "normal" org.
structure, this one is just another one.)

3. you can actually also keep using User list. Just be sure that users
logging to midpoint have different authorizations - some of them will be
allowed to see only external users, some of them only internal users
etc. We are using this commonly. (Also as a part of our training.)

So I think it should be doable using proper authorizations to see just
"certain" users.

Can't comment on saving filters or modifying dashboard.

Regards,

Ivan

On 02/02/2017 09:56 AM, Wojciech Staszewski wrote:
> Hello!
>
> Is in midPoint a way to separate users in Users->List users view? Except using search filter?
>
> What I mean:
>
> I have 6000 regular employees.
> But I also have to manage external accounts in our systems (LIS, Laboratory Information System).
> External user account is an account for doctor ordering the blood tests to his patients.
> The doctor has an access card with pin, he can login to our system via web page and see the results of tests ordered by him.
> The doctor can work in several hospitals, He can have a private office as well, so he can have accounts in several LISes, as every lab has its own.
>
> The situation:
>
> There is about 60 000 doctors registered in our systems.
> I have to import them to MidPoint to easily disable every doctor's account when cooperation with him is over.
> Doctors accounts are separated from employees accounts, stored in different db tables and have different attributes.
>
> The concept:
>
> I made separate ObjectClass and Intent in ScriptedSQL connector configuration, configured SQL queries, schema handling and synchronization.
> I also made separate user template and Org Unit to put every doctor to this unit and assign proper "employee type".
> This works good, the goal was achieved.
>
> The problem:
>
> In List users tab all users are mixed together. This is not what I want.
> I can use search filter and filter the users by employee type.
> OK, but this is not comfortable and the filters are not remembered so I have to set the filter again on each login.
>
> Possible solutions:
>
> 1. Add ability to save filters and pick saved filter from list. Last user choice is remembered (in cookies? DB?).
>    Quick, comfortable, effective and very popular in other apps. See attached file.
> 2. Make the external users disappear somehow from the users list and make them visible in organizational tree only. I don't know if this is possible, probably not.
> 3. Edit the menu items or add new "dashboard link" with filter applied to this link. As above.
>
> Any other ideas?
>
> Best regards,
> Wojciech Staszewski.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170202/a10ef5f7/attachment.htm>