[midPoint] Re: Role assignment from db table

Justin Stanczak rizenine at gmail.com
Mon Apr 8 19:29:19 CEST 2019


Subject tag missing. :)

On Mon, Apr 8, 2019 at 1:06 PM Justin Stanczak <rizenine at gmail.com> wrote:

> I seem to have a mental block on assigning roles to users. I'm trying to
> pull from a database view and add or remove roles based on this. So the
> table would look like *"username, role, last_update"*. I've tried
> associations and attributes using things like assignmentTargetSearch with
> no luck. I've been thru the docs many times so I'm sure I'm just not
> connecting something. I'm hoping someone could maybe connect the pieces so
> I can better understand how this should work. I simply want to add and
> remove users from roles. I'm open to changing the view if that helps or if
> there's a better way to do this. Thanks.
>
> *Using:*
> Midpoint 3.9
> DatabaseTableConnector 1.4.3.0
> Oracle Table
>
> *Possible data example: *
> test, student, <lastupdate>
> test, employee, <lastupdate>
> test2, employee, <lastupdate>
>
> *This gives the following error: *
>
>
> *<schemaHandling>*
> *        <objectType id="169">*
> *            <kind>account</kind>*
> *            <default>true</default>*
> *            <objectClass>ri:AccountObjectClass</objectClass>*
> *            <attribute id="366">*
> *                <c:ref>ri:ROLE</c:ref>*
> *                <tolerant>true</tolerant>*
> *                <exclusiveStrong>false</exclusiveStrong>*
> *                <inbound id="367">*
> *                    <authoritative>true</authoritative>*
> *                    <exclusive>false</exclusive>*
> *                    <strength>normal</strength>*
> *                    <expression>*
> *                        <value>*
> *                            <targetRef
> oid="c50396ff-14a7-423e-a513-ff28c8bc91ee" type="c:RoleType"/>*
> *                        </value>*
> *                    </expression>*
> *                    <target>*
> *                        <c:path>assignment</c:path>*
> *                    </target>*
> *                </inbound>*
> *            </attribute>*
> *        </objectType>*
> *    </schemaHandling>*
>
>
> *Error: *
>
> *Attempt to delete value
> PCV(null):[PrismReference({.../common/common-3}targetRef):[PRV(oid=9a355bd4-07b3-44e5-8708-caa43e94c2b6,
> targetType={.../common/common-3}RoleType)]] from item assignment but that
> value is mandated by a strong mapping 'end user role' in
> objectTemplate:0488d68b-c064-417e-b5fa-db9b723fb546(User Template) (for
> object template objectTemplate:0488d68b-c064-417e-b5fa-db9b723fb546(User
> Template) for focus user:54b8326a-a73a-4a29-884d-ebd73cf602f4(test))*
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190408/8465560b/attachment.htm>


More information about the midPoint mailing list