[midPoint] Separate users?

Fri Feb 3 09:30:29 CET 2017

OK, thanks! It's so simple... :)

W dniu 02.02.2017 o 16:58, Ivan Noris pisze:
> Hi,
> 
> just a quick idea/concept:
> 
> 1. you don't need to use User list (just disable access to that page using GUI authorizations)
> 
> 2. you can use organizational structure/tree. I'm using a separate org. structure with only 3 orgs: Former employees; Active employees and Inactive employees. I'm automatically assigning users to one of these organizations using Object Template. (You can still have "normal" org. structure, this one is just another one.)
> 
> 3. you can actually also keep using User list. Just be sure that users logging to midpoint have different authorizations - some of them will be allowed to see only external users, some of them only internal users etc. We are using this commonly. (Also as a part of our training.)
> 
> So I think it should be doable using proper authorizations to see just "certain" users.
> 
> Can't comment on saving filters or modifying dashboard.
> 
> Regards,
> 
> Ivan
> 
> On 02/02/2017 09:56 AM, Wojciech Staszewski wrote:
>> Hello!
>>
>> Is in midPoint a way to separate users in Users->List users view? Except using search filter?
>>
>> What I mean:
>>
>> I have 6000 regular employees.
>> But I also have to manage external accounts in our systems (LIS, Laboratory Information System).
>> External user account is an account for doctor ordering the blood tests to his patients.
>> The doctor has an access card with pin, he can login to our system via web page and see the results of tests ordered by him.
>> The doctor can work in several hospitals, He can have a private office as well, so he can have accounts in several LISes, as every lab has its own.
>>
>> The situation:
>>
>> There is about 60 000 doctors registered in our systems.
>> I have to import them to MidPoint to easily disable every doctor's account when cooperation with him is over.
>> Doctors accounts are separated from employees accounts, stored in different db tables and have different attributes.
>>
>> The concept:
>>
>> I made separate ObjectClass and Intent in ScriptedSQL connector configuration, configured SQL queries, schema handling and synchronization.
>> I also made separate user template and Org Unit to put every doctor to this unit and assign proper "employee type".
>> This works good, the goal was achieved.
>>
>> The problem:
>>
>> In List users tab all users are mixed together. This is not what I want.
>> I can use search filter and filter the users by employee type.
>> OK, but this is not comfortable and the filters are not remembered so I have to set the filter again on each login.
>>
>> Possible solutions:
>>
>> 1. Add ability to save filters and pick saved filter from list. Last user choice is remembered (in cookies? DB?).
>>    Quick, comfortable, effective and very popular in other apps. See attached file.
>> 2. Make the external users disappear somehow from the users list and make them visible in organizational tree only. I don't know if this is possible, probably not.
>> 3. Edit the menu items or add new "dashboard link" with filter applied to this link. As above.
>>
>> Any other ideas?
>>
>> Best regards,
>> Wojciech Staszewski.
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
> 
> -- 
> Ivan Noris
> Senior Identity Engineer
> evolveum.com
> 
> 
> 
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
> 

-- 
Wojciech Staszewski
Administrator Systemów Sieciowych
tel. kom: 663 680 236
www.diagnostyka.pl
Diagnostyka Sp. z o. o.
ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
Numer KRS: 0000381559 (Sąd Rejonowy dla Krakowa-Śródmieścia w Krakowie, XI Wydział Gospodarczy KRS)
NIP: 675-12-65-009; REGON: 356366975
Kapitał zakładowy: 33 756 500 zł.

Pomyśl o środowisku zanim wydrukujesz ten e-mail.