[midPoint] Bulk assign role to users by role name (3.7.2)

Mon Nov 5 20:54:57 CET 2018

You cant. You need to do it in a script. Like this:

<s:pipeline>
<expression xsiType='SearchExpressionType'>
<type>UserType</type>
<searchFilter>
<equal>
<path>name</path>
<value>Fantomas</value>
</equal>
</searchFilter>
</expression>
<expression xsiType="ActionExpressionType">
<s:type>execute-script</s:type>
<s:parameter>
<s:name>script</s:name>
<c:value>
<c:code>
import com.evolveum.midpoint.xml.ns._public.common.common_3.*
import com.evolveum.midpoint.prism.delta.builder.*
import com.evolveum.midpoint.model.api.*
roleName = "YOUR ROLE NAME";
addAssignment = new AssignmentType()
addAssignment.target = midpoint.searchObjectByName(RoleType.class, roleName)
if (addAssignment.target != null) {
delta = DeltaBuilder.deltaFor(FocusType.class, prismContext)
.item(FocusType.F_ASSIGNMENT).add(addAssignment.asPrismContainerValue())
.asObjectDelta(input.oid)
midpoint.modifyObject(delta, ModelExecuteOptions.createRaw())
} else {
throw new Exception("Role not found: "+roleName);
}
</c:code>
</c:value>
</s:parameter>
</expression>
</s:pipeline>

M.

*Martin Lízner*
chief solution architect

gsm: [+420] 737 745 571
e‑mail: martin.lizner at ami.cz

*AMI Praha a.s.*
Pláničkova 11, 162 00 Praha 6

tel.: [+420] 274 783 239 | web: www.ami.cz <http://dtp.ami.cz/www.ami.cz>

[image: AMI Praha a.s.]

Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá
za společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
písemnou formu.

Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může obsahovat
důvěrné nebo osobní
informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv
zveřejňování, zprostředkování
nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail neoprávněně,
informujte o tom prosím
odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu včetně
všech jeho příloh. Nakládáním
s neoprávněně získanými informacemi se vystavujete riziku právního postihu.

po 29. 10. 2018 v 15:24 odesílatel Oleksandr Nekriach <
o.nekriach at dynatech.lv> napsal:

> Hi guys,
> Need a solution to bulk assign role to users by role name, please help.
> Can't find an example how to do this by role name. There are many examples
> of how to do this by OID (see below)  but I need by role name.
> I will be very appreciated for help.
>
> <s:search xmlns:s="
> http://midpoint.evolveum.com/xml/ns/public/model/scripting-3"
>           xmlns:c="
> http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>           xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>           xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>       xmlns:xsd="http://www.w3.org/2001/XMLSchema">
>     <s:type>c:UserType</s:type>
>    <s:searchFilter>
>    <q:or>
>       <q:equal>
>          <q:path>name</q:path>
>          <q:value xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>                   xsi:type="t:PolyStringType">testuser</q:value>
>       </q:equal>
>       <q:equal>
>          <q:path>name</q:path>
>          <q:value xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>                   xsi:type="t:PolyStringType">testuser2</q:value>
>       </q:equal>
>    </q:or>
>    </s:searchFilter>
>     <s:action>
>         <s:type>assign</s:type>
>         <s:parameter>
>     <s:name>role</s:name>
>     <c:value
> xsi:type="xsd:string">6f1559e0-030a-4f40-a118-66c252af0001</c:value>
>         </s:parameter>
>     </s:action>
> </s:search>
>
>
> --
> Best regards,
>
>
>
> Oleksandr Nekriach | Identity and access management engineer
>
> Dynatech, Jeruzalemes iela 1, Rīga, LV-1010, Latvia
> <https://www.google.com/maps/place/DYNATECH/@56.9575205,24.1107235,17z/data=!3m1!4b1!4m5!3m4!1s0x46eecf5753e42351:0x23b120b9745cae62!8m2!3d56.9575205!4d24.1129122>
>
> +37125314685 <+371%2025%20314%20685>
> ,
> o.nekriach at dynatech.lv
> |
> www.dynatech.lv
>
>
> Stay connected:
> <https://www.facebook.com/DynatechLatvia/?ref=br_rs>
> <https://www.linkedin.com/company-beta/17893047/>
>
>
> Confidentiality Notice: This message contains confidential information and
> is intended only for the named recipient(s). If you are not the addressee
> you may not copy, distribute or perform any other activities with this
> information. If you have received this transmission in error, please notify
> us by e-mail immediately. E-mail transmission cannot be guaranteed to be
> secure or error-free as information could be intercepted, corrupted, lost,
> destroyed, arrive late or incomplete, or contain viruses.
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20181105/92ee497d/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1520941785292-7772
Type: image/png
Size: 786 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20181105/92ee497d/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1520941785292-7770
Type: image/png
Size: 4265 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20181105/92ee497d/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1520941785292-7771
Type: image/png
Size: 790 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20181105/92ee497d/attachment-0002.png>