[midPoint] Bulk assign role to users by role name (3.7.2)

Martin Lízner - AMI Praha a.s. martin.lizner at ami.cz
Tue Nov 6 19:02:05 CET 2018


Wow, thats obvious solution, I bet I did try it in the past and It didnt
work. But maybe they improved mp or  <c:value
xsi:type="q:SearchFilterType"> behaves differently than search tag. Anyway
good job! M.

*Martin Lízner*
chief solution architect

gsm: [+420] 737 745 571
e‑mail: martin.lizner at ami.cz

*AMI Praha a.s.*
Pláničkova 11, 162 00 Praha 6

tel.: [+420] 274 783 239 | web: www.ami.cz <http://dtp.ami.cz/www.ami.cz>

[image: AMI Praha a.s.]

Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá
za společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
písemnou formu.

Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může obsahovat
důvěrné nebo osobní
informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv
zveřejňování, zprostředkování
nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail neoprávněně,
informujte o tom prosím
odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu včetně
všech jeho příloh. Nakládáním
s neoprávněně získanými informacemi se vystavujete riziku právního postihu.


út 6. 11. 2018 v 9:08 odesílatel Oleksandr Nekriach <o.nekriach at dynatech.lv>
napsal:

> Hi, Martin
> Thank you for response and solution. I will save it for future use
> I have found more simple solution via bulk task
>
>     <task>
>         <name>Assign role to users</name>
>         <extension>
>             <scext:executeScript xmlns:scext="
> http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3">
>                 <s:search xmlns:s="
> http://midpoint.evolveum.com/xml/ns/public/model/scripting-3">
>                     <s:type>c:UserType</s:type>
>                     <s:searchFilter>
>                        <q:or>
>                           <q:equal>
>                              <q:matching>strictIgnoreCase</q:matching>
>                              <q:path>name</q:path>
>                              <q:value>TESTUSER1</q:value>
>                           </q:equal>
>                           <q:equal>
>                              <q:matching>strictIgnoreCase</q:matching>
>                              <q:path>name</q:path>
>
>                              <q:value>TESTUSER2</q:value>
>                           </q:equal>
>                        </q:or>
>                     </s:searchFilter>
>                     <s:action>
>                         <s:type>assign</s:type>
>                             <s:parameter>
>                             <s:name>role</s:name>
>                             <c:value xsi:type="q:SearchFilterType">
>                                 <q:equal>
>                                 <q:matching>strictIgnoreCase</q:matching>
>                                     <q:path>name</q:path>
>                                     <q:value>ROLE1</q:value>
>                                 </q:equal>
>                             </c:value>
>                         </s:parameter>
>                     </s:action>
>                 </s:search>
>             </scext:executeScript>
>         </extension>
>         <ownerRef oid="00000000-0000-0000-0000-000000000002"/>
>         <executionStatus>runnable</executionStatus>
>         <category>BulkActions</category>
>         <handlerUri>
> http://midpoint.evolveum.com/xml/ns/public/model/scripting/handler-3
> </handlerUri>
>         <recurrence>single</recurrence>
>     </task>
>
>
>
> On Mon, 5 Nov 2018 at 22:03, Martin Lízner - AMI Praha a.s. <
> martin.lizner at ami.cz> wrote:
>
>> You cant. You need to do it in a script. Like this:
>>
>> <s:pipeline>
>> <expression xsiType='SearchExpressionType'>
>> <type>UserType</type>
>> <searchFilter>
>> <equal>
>> <path>name</path>
>> <value>Fantomas</value>
>> </equal>
>> </searchFilter>
>> </expression>
>> <expression xsiType="ActionExpressionType">
>> <s:type>execute-script</s:type>
>> <s:parameter>
>> <s:name>script</s:name>
>> <c:value>
>> <c:code>
>> import com.evolveum.midpoint.xml.ns._public.common.common_3.*
>> import com.evolveum.midpoint.prism.delta.builder.*
>> import com.evolveum.midpoint.model.api.*
>> roleName = "YOUR ROLE NAME";
>> addAssignment = new AssignmentType()
>> addAssignment.target = midpoint.searchObjectByName(RoleType.class,
>> roleName)
>> if (addAssignment.target != null) {
>> delta = DeltaBuilder.deltaFor(FocusType.class, prismContext)
>> .item(FocusType.F_ASSIGNMENT).add(addAssignment.asPrismContainerValue())
>> .asObjectDelta(input.oid)
>> midpoint.modifyObject(delta, ModelExecuteOptions.createRaw())
>> } else {
>> throw new Exception("Role not found: "+roleName);
>> }
>> </c:code>
>> </c:value>
>> </s:parameter>
>> </expression>
>> </s:pipeline>
>>
>> M.
>>
>> *Martin Lízner*
>> chief solution architect
>>
>> gsm: [+420] 737 745 571
>> e‑mail: martin.lizner at ami.cz
>>
>> *AMI Praha a.s.*
>> Pláničkova 11, 162 00 Praha 6
>>
>> tel.: [+420] 274 783 239 | web: www.ami.cz <http://dtp.ami.cz/www.ami.cz>
>>
>> [image: AMI Praha a.s.]
>>
>> Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá
>> za společnost AMI Praha a.s.
>> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
>> písemnou formu.
>>
>> Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může
>> obsahovat důvěrné nebo osobní
>> informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv
>> zveřejňování, zprostředkování
>> nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail
>> neoprávněně, informujte o tom prosím
>> odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu včetně
>> všech jeho příloh. Nakládáním
>> s neoprávněně získanými informacemi se vystavujete riziku právního
>> postihu.
>>
>>
>> po 29. 10. 2018 v 15:24 odesílatel Oleksandr Nekriach <
>> o.nekriach at dynatech.lv> napsal:
>>
>>> Hi guys,
>>> Need a solution to bulk assign role to users by role name, please help.
>>> Can't find an example how to do this by role name. There are many
>>> examples of how to do this by OID (see below)  but I need by role name.
>>> I will be very appreciated for help.
>>>
>>> <s:search xmlns:s="
>>> http://midpoint.evolveum.com/xml/ns/public/model/scripting-3"
>>>           xmlns:c="
>>> http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>>           xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>>>           xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>>>           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>       xmlns:xsd="http://www.w3.org/2001/XMLSchema">
>>>     <s:type>c:UserType</s:type>
>>>    <s:searchFilter>
>>>    <q:or>
>>>       <q:equal>
>>>          <q:path>name</q:path>
>>>          <q:value xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>                   xsi:type="t:PolyStringType">testuser</q:value>
>>>       </q:equal>
>>>       <q:equal>
>>>          <q:path>name</q:path>
>>>          <q:value xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>                   xsi:type="t:PolyStringType">testuser2</q:value>
>>>       </q:equal>
>>>    </q:or>
>>>    </s:searchFilter>
>>>     <s:action>
>>>         <s:type>assign</s:type>
>>>         <s:parameter>
>>>     <s:name>role</s:name>
>>>     <c:value
>>> xsi:type="xsd:string">6f1559e0-030a-4f40-a118-66c252af0001</c:value>
>>>         </s:parameter>
>>>     </s:action>
>>> </s:search>
>>>
>>>
>>> --
>>> Best regards,
>>>
>>>
>>>
>>> Oleksandr Nekriach | Identity and access management engineer
>>>
>>> Dynatech, Jeruzalemes iela 1, Rīga, LV-1010, Latvia
>>> <https://www.google.com/maps/place/DYNATECH/@56.9575205,24.1107235,17z/data=!3m1!4b1!4m5!3m4!1s0x46eecf5753e42351:0x23b120b9745cae62!8m2!3d56.9575205!4d24.1129122>
>>>
>>> +37125314685 <+371%2025%20314%20685>
>>> ,
>>> o.nekriach at dynatech.lv
>>> |
>>> www.dynatech.lv
>>>
>>>
>>> Stay connected:
>>> <https://www.facebook.com/DynatechLatvia/?ref=br_rs>
>>> <https://www.linkedin.com/company-beta/17893047/>
>>>
>>>
>>> Confidentiality Notice: This message contains confidential information
>>> and is intended only for the named recipient(s). If you are not the
>>> addressee you may not copy, distribute or perform any other activities with
>>> this information. If you have received this transmission in error, please
>>> notify us by e-mail immediately. E-mail transmission cannot be guaranteed
>>> to be secure or error-free as information could be intercepted, corrupted,
>>> lost, destroyed, arrive late or incomplete, or contain viruses.
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>
>
> --
> Best regards,
>
>
>
> Oleksandr Nekriach | Identity and access management engineer
>
> Dynatech, Jeruzalemes iela 1, Rīga, LV-1010, Latvia
> <https://www.google.com/maps/place/DYNATECH/@56.9575205,24.1107235,17z/data=!3m1!4b1!4m5!3m4!1s0x46eecf5753e42351:0x23b120b9745cae62!8m2!3d56.9575205!4d24.1129122>
>
> +37125314685 <+371%2025%20314%20685>
> ,
> o.nekriach at dynatech.lv
> |
> www.dynatech.lv
>
>
> Stay connected:
> <https://www.facebook.com/DynatechLatvia/?ref=br_rs>
> <https://www.linkedin.com/company-beta/17893047/>
>
>
> Confidentiality Notice: This message contains confidential information and
> is intended only for the named recipient(s). If you are not the addressee
> you may not copy, distribute or perform any other activities with this
> information. If you have received this transmission in error, please notify
> us by e-mail immediately. E-mail transmission cannot be guaranteed to be
> secure or error-free as information could be intercepted, corrupted, lost,
> destroyed, arrive late or incomplete, or contain viruses.
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20181106/f5739fa2/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1520941785292-7772
Type: image/png
Size: 786 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20181106/f5739fa2/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1520941785292-7770
Type: image/png
Size: 4265 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20181106/f5739fa2/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: o.nekriach at dynatech.lv1520941785292-7771
Type: image/png
Size: 790 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20181106/f5739fa2/attachment-0002.png>


More information about the midPoint mailing list