[midPoint] User activation by HR data with manual override possibility

Pálos Gustáv gustav.palos at evolveum.com
Mon Jan 16 08:41:11 CET 2017


Hi Aivo,

I created in one project extension/overrideAdministrativeStatus user schema
extension and when it is enabled or disabled, I use this value over object
template user, elsewhere keep as is from activation/administrativeStatus.

            <xsd:element name="overrideAdministrativeStatus"
type="c:ActivationStatusType" minOccurs="0">
                <xsd:annotation>
                    <xsd:appinfo>
                        <a:indexed>true</a:indexed>
                        <a:displayName>Override Administrative
status</a:displayName>
                        <a:displayOrder>900</a:displayOrder>
                    </xsd:appinfo>
                    <xsd:documentation>
                        If this is filled, override administrative status
from HR calculated from status.
                        If you use this, please write to description a
reason, why you do this (for example: She works on maternity leave).
                    </xsd:documentation>
                </xsd:annotation>
            </xsd:element>

<mapping>
<name>Override administrative status if needed</name>
<strength>strong</strength>
<source>
<path>$user/activation/administrativeStatus</path>
</source>
<source>
<path>$user/extension/overrideAdministrativeStatus</path>
</source>
<expression>
<script>
<code>
                 if (overrideAdministrativeStatus!=null) {
                 return overrideAdministrativeStatus;
                 }
                    return administrativeStatus;
                </code>
</script>
</expression>
<target> <!-- need both administrativeStatus & effectiveStatus also -->
<path>$user/activation/administrativeStatus</path>
</target>
<condition>
<script>
<language>http://midpoint.evolveum.com/xml/ns/public/
expression/language#Groovy</language>
<code>overrideAdministrativeStatus !=null</code>
</script>
</condition>
</mapping>


Best regards,

Gustav

2017-01-16 8:32 GMT+01:00 Aivo Kuhlberg <aivo.kuhlberg at rmit.ee>:
>
>> Hi,
>>
>> I want to implement midPoint user activation mechanism based on HR
>> resource user account field value with manual GUI override possibility.
>> When the HR resource field "status" has value "WRS" (work relationship
>> stopped) then the midPoint user should be disabled, otherwise user should
>> be enabled. However, I need also possibility to manually override current
>> midPoint user activation value.
>> I tried implemented inbound activation for HR resource (like
>> https://github.com/Evolveum/midpoint/blob/master/samples/demo/hr.xml)
>> and it works - When I set HR user status to value "WRS" then midPoint
>> user's administrative status is changed to state Disabled. I can also
>> manually enable disabled user if needed in administration GUI. But the
>> problem here is that both HR resource and admin gui have the same access to
>> user's administrativeStatus value - I can change the user status in GUI but
>> whenever the HR user data is changed then it changes also
>> administrativeStatus back to value depanding on status field. Any ideas,
>> how should I implement disabling/enabling of user based on HR data with
>> manual user activation override possibility?
>> Thanks,
>> Aivo Kuhlberg
>>
>> ------------------------------
>> Käesolev e-kiri võib sisaldada asutusesiseseks kasutamiseks tunnistatud
>> teavet.
>> This e-mail may contain information which is classified for official use.
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>
>
> --
> s pozdravom
>
> Gustáv Pálos
>



-- 
Gustáv Pálos
Identity Engineer
evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170116/da31449b/attachment.htm>


More information about the midPoint mailing list