[midPoint] Bulk assign role to users by role name (3.7.2)

Oleksandr Nekriach o.nekriach at dynatech.lv
Tue Nov 6 09:04:24 CET 2018


Hi, Martin
Thank you for response and solution. I will save it for future use
I have found more simple solution via bulk task

    <task>
        <name>Assign role to users</name>
        <extension>
            <scext:executeScript xmlns:scext="
http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3">
                <s:search xmlns:s="
http://midpoint.evolveum.com/xml/ns/public/model/scripting-3">
                    <s:type>c:UserType</s:type>
                    <s:searchFilter>
                       <q:or>
                          <q:equal>
                             <q:matching>strictIgnoreCase</q:matching>
                             <q:path>name</q:path>
                             <q:value>TESTUSER1</q:value>
                          </q:equal>
                          <q:equal>
                             <q:matching>strictIgnoreCase</q:matching>
                             <q:path>name</q:path>

                             <q:value>TESTUSER2</q:value>
                          </q:equal>
                       </q:or>
                    </s:searchFilter>
                    <s:action>
                        <s:type>assign</s:type>
                            <s:parameter>
                            <s:name>role</s:name>
                            <c:value xsi:type="q:SearchFilterType">
                                <q:equal>
                                <q:matching>strictIgnoreCase</q:matching>
                                    <q:path>name</q:path>
                                    <q:value>ROLE1</q:value>
                                </q:equal>
                            </c:value>
                        </s:parameter>
                    </s:action>
                </s:search>
            </scext:executeScript>
        </extension>
        <ownerRef oid="00000000-0000-0000-0000-000000000002"/>
        <executionStatus>runnable</executionStatus>
        <category>BulkActions</category>
        <handlerUri>
http://midpoint.evolveum.com/xml/ns/public/model/scripting/handler-3
</handlerUri>
        <recurrence>single</recurrence>
    </task>



On Mon, 5 Nov 2018 at 22:03, Martin Lízner - AMI Praha a.s. <
martin.lizner at ami.cz> wrote:

> You cant. You need to do it in a script. Like this:
>
> <s:pipeline>
> <expression xsiType='SearchExpressionType'>
> <type>UserType</type>
> <searchFilter>
> <equal>
> <path>name</path>
> <value>Fantomas</value>
> </equal>
> </searchFilter>
> </expression>
> <expression xsiType="ActionExpressionType">
> <s:type>execute-script</s:type>
> <s:parameter>
> <s:name>script</s:name>
> <c:value>
> <c:code>
> import com.evolveum.midpoint.xml.ns._public.common.common_3.*
> import com.evolveum.midpoint.prism.delta.builder.*
> import com.evolveum.midpoint.model.api.*
> roleName = "YOUR ROLE NAME";
> addAssignment = new AssignmentType()
> addAssignment.target = midpoint.searchObjectByName(RoleType.class,
> roleName)
> if (addAssignment.target != null) {
> delta = DeltaBuilder.deltaFor(FocusType.class, prismContext)
> .item(FocusType.F_ASSIGNMENT).add(addAssignment.asPrismContainerValue())
> .asObjectDelta(input.oid)
> midpoint.modifyObject(delta, ModelExecuteOptions.createRaw())
> } else {
> throw new Exception("Role not found: "+roleName);
> }
> </c:code>
> </c:value>
> </s:parameter>
> </expression>
> </s:pipeline>
>
> M.
>
> *Martin Lízner*
> chief solution architect
>
> gsm: [+420] 737 745 571
> e‑mail: martin.lizner at ami.cz
>
> *AMI Praha a.s.*
> Pláničkova 11, 162 00 Praha 6
>
> tel.: [+420] 274 783 239 | web: www.ami.cz <http://dtp.ami.cz/www.ami.cz>
>
> [image: AMI Praha a.s.]
>
> Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá
> za společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
> písemnou formu.
>
> Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může
> obsahovat důvěrné nebo osobní
> informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv
> zveřejňování, zprostředkování
> nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail
> neoprávněně, informujte o tom prosím
> odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu včetně
> všech jeho příloh. Nakládáním
> s neoprávněně získanými informacemi se vystavujete riziku právního postihu.
>
>
> po 29. 10. 2018 v 15:24 odesílatel Oleksandr Nekriach <
> o.nekriach at dynatech.lv> napsal:
>
>> Hi guys,
>> Need a solution to bulk assign role to users by role name, please help.
>> Can't find an example how to do this by role name. There are many
>> examples of how to do this by OID (see below)  but I need by role name.
>> I will be very appreciated for help.
>>
>> <s:search xmlns:s="
>> http://midpoint.evolveum.com/xml/ns/public/model/scripting-3"
>>           xmlns:c="
>> http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>           xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>>           xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>>           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>       xmlns:xsd="http://www.w3.org/2001/XMLSchema">
>>     <s:type>c:UserType</s:type>
>>    <s:searchFilter>
>>    <q:or>
>>       <q:equal>
>>          <q:path>name</q:path>
>>          <q:value xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>                   xsi:type="t:PolyStringType">testuser</q:value>
>>       </q:equal>
>>       <q:equal>
>>          <q:path>name</q:path>
>>          <q:value xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>                   xsi:type="t:PolyStringType">testuser2</q:value>
>>       </q:equal>
>>    </q:or>
>>    </s:searchFilter>
>>     <s:action>
>>         <s:type>assign</s:type>
>>         <s:parameter>
>>     <s:name>role</s:name>
>>     <c:value
>> xsi:type="xsd:string">6f1559e0-030a-4f40-a118-66c252af0001</c:value>
>>         </s:parameter>
>>     </s:action>
>> </s:search>
>>
>>
>> --
>> Best regards,
>>
>>
>>
>> Oleksandr Nekriach | Identity and access management engineer
>>
>> Dynatech, Jeruzalemes iela 1, Rīga, LV-1010, Latvia
>> <https://www.google.com/maps/place/DYNATECH/@56.9575205,24.1107235,17z/data=!3m1!4b1!4m5!3m4!1s0x46eecf5753e42351:0x23b120b9745cae62!8m2!3d56.9575205!4d24.1129122>
>>
>> +37125314685 <+371%2025%20314%20685>
>> ,
>> o.nekriach at dynatech.lv
>> |
>> www.dynatech.lv
>>
>>
>> Stay connected:
>> <https://www.facebook.com/DynatechLatvia/?ref=br_rs>
>> <https://www.linkedin.com/company-beta/17893047/>
>>
>>
>> Confidentiality Notice: This message contains confidential information
>> and is intended only for the named recipient(s). If you are not the
>> addressee you may not copy, distribute or perform any other activities with
>> this information. If you have received this transmission in error, please
>> notify us by e-mail immediately. E-mail transmission cannot be guaranteed
>> to be secure or error-free as information could be intercepted, corrupted,
>> lost, destroyed, arrive late or incomplete, or contain viruses.
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>


-- 
Best regards,



Oleksandr Nekriach | Identity and access management engineer

Dynatech, Jeruzalemes iela 1, Rīga, LV-1010, Latvia
<https://www.google.com/maps/place/DYNATECH/@56.9575205,24.1107235,17z/data=!3m1!4b1!4m5!3m4!1s0x46eecf5753e42351:0x23b120b9745cae62!8m2!3d56.9575205!4d24.1129122>

+37125314685 <+371%2025%20314%20685>
,
o.nekriach at dynatech.lv
|
www.dynatech.lv


Stay connected:
<https://www.facebook.com/DynatechLatvia/?ref=br_rs>
<https://www.linkedin.com/company-beta/17893047/>


Confidentiality Notice: This message contains confidential information and
is intended only for the named recipient(s). If you are not the addressee
you may not copy, distribute or perform any other activities with this
information. If you have received this transmission in error, please notify
us by e-mail immediately. E-mail transmission cannot be guaranteed to be
secure or error-free as information could be intercepted, corrupted, lost,
destroyed, arrive late or incomplete, or contain viruses.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20181106/4efb1e18/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1520941785292-7772
Type: image/png
Size: 786 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20181106/4efb1e18/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1520941785292-7770
Type: image/png
Size: 4265 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20181106/4efb1e18/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1520941785292-7771
Type: image/png
Size: 790 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20181106/4efb1e18/attachment-0002.png>


More information about the midPoint mailing list