[midPoint] Role assignment from db table

Jason Everling jeverling at bshp.edu
Mon Apr 8 21:46:23 CEST 2019 

looks like it is trying to replace the end user role but that is assigned
from a strong condition in your default user template. You can create
inbound assignment mappings from association.




On Mon, Apr 8, 2019 at 12:29 PM Justin Stanczak <rizenine at gmail.com> wrote:

> Subject tag missing. :)
>
> On Mon, Apr 8, 2019 at 1:06 PM Justin Stanczak <rizenine at gmail.com> wrote:
>
>> I seem to have a mental block on assigning roles to users. I'm trying to
>> pull from a database view and add or remove roles based on this. So the
>> table would look like *"username, role, last_update"*. I've tried
>> associations and attributes using things like assignmentTargetSearch with
>> no luck. I've been thru the docs many times so I'm sure I'm just not
>> connecting something. I'm hoping someone could maybe connect the pieces so
>> I can better understand how this should work. I simply want to add and
>> remove users from roles. I'm open to changing the view if that helps or if
>> there's a better way to do this. Thanks.
>>
>> *Using:*
>> Midpoint 3.9
>> DatabaseTableConnector 1.4.3.0
>> Oracle Table
>>
>> *Possible data example: *
>> test, student, <lastupdate>
>> test, employee, <lastupdate>
>> test2, employee, <lastupdate>
>>
>> *This gives the following error: *
>>
>>
>> *<schemaHandling>*
>> *        <objectType id="169">*
>> *            <kind>account</kind>*
>> *            <default>true</default>*
>> *            <objectClass>ri:AccountObjectClass</objectClass>*
>> *            <attribute id="366">*
>> *                <c:ref>ri:ROLE</c:ref>*
>> *                <tolerant>true</tolerant>*
>> *                <exclusiveStrong>false</exclusiveStrong>*
>> *                <inbound id="367">*
>> *                    <authoritative>true</authoritative>*
>> *                    <exclusive>false</exclusive>*
>> *                    <strength>normal</strength>*
>> *                    <expression>*
>> *                        <value>*
>> *                            <targetRef
>> oid="c50396ff-14a7-423e-a513-ff28c8bc91ee" type="c:RoleType"/>*
>> *                        </value>*
>> *                    </expression>*
>> *                    <target>*
>> *                        <c:path>assignment</c:path>*
>> *                    </target>*
>> *                </inbound>*
>> *            </attribute>*
>> *        </objectType>*
>> *    </schemaHandling>*
>>
>>
>> *Error: *
>>
>> *Attempt to delete value
>> PCV(null):[PrismReference({.../common/common-3}targetRef):[PRV(oid=9a355bd4-07b3-44e5-8708-caa43e94c2b6,
>> targetType={.../common/common-3}RoleType)]] from item assignment but that
>> value is mandated by a strong mapping 'end user role' in
>> objectTemplate:0488d68b-c064-417e-b5fa-db9b723fb546(User Template) (for
>> object template objectTemplate:0488d68b-c064-417e-b5fa-db9b723fb546(User
>> Template) for focus user:54b8326a-a73a-4a29-884d-ebd73cf602f4(test))*
>>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190408/67bf81ce/attachment.htm>

More information about the midPoint mailing list