[midPoint] Role assignment from db table
Alcides Carlos de Moraes Neto
alcides.neto at gmail.com
Wed Apr 10 18:29:13 CEST 2019
If I'm understanding correctly, you want to create a resource with multiple
projections, and each projection would result in a roleAssignment.
Unfortunately that's not how resources in midPoint work. You can have
multiple projections of the same objectType but only with multiple intents.
https://wiki.evolveum.com/display/midPoint/Focus+and+Projections
If you try to import multiple projections to the same focus object, only
one will be linked, the other will stay unlinked (i guess? maybe unmatched?)
You should struct your table/view like this:
USER ROLES LASTUPDATE
test student,employee datetime
test2 student datetime
There should be only one line per user. Then you would need to write a
script to interpret the ROLES column, splitting it and searching for the
roles.
Em qua, 10 de abr de 2019 às 12:14, Justin Stanczak <rizenine at gmail.com>
escreveu:
> Here's the exact schemaHandling I'm using. So no on tolerant and not
> condition set.
>
> *<schemaHandling>*
> * <objectType id="169">*
> * <kind>account</kind>*
> * <default>true</default>*
> * <objectClass>ri:AccountObjectClass</objectClass>*
> * <attribute id="402">*
> * <c:ref>ri:ROLE</c:ref>*
> * <tolerant>true</tolerant>*
> * <exclusiveStrong>false</exclusiveStrong>*
> * <inbound id="435">*
> * <authoritative>false</authoritative>*
> * <exclusive>false</exclusive>*
> * <strength>normal</strength>*
> * <expression>*
> * <assignmentTargetSearch
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance
> <http://www.w3.org/2001/XMLSchema-instance>"
> xsi:type="c:AssignmentTargetSearchExpressionEvaluatorType">*
> * <targetType>c:RoleType</targetType>*
> *
> <oid>afb77728-38c8-4f66-9668-b594c992cad2</oid>*
> * </assignmentTargetSearch>*
> * </expression>*
> * <target>*
> * <c:path>assignment</c:path>*
> * </target>*
> * </inbound>*
> * </attribute>*
> * </objectType>*
> * </schemaHandling>*
>
>
>
> On Wed, Apr 10, 2019 at 10:40 AM Jason Everling <jeverling at bshp.edu>
> wrote:
>
>> You do not have any <tolerant>false</tolerant> anywhere right? Do you
>> have the condition set? if so, with what?
>>
>>
>>
>>
>> On Wed, Apr 10, 2019 at 9:24 AM Justin Stanczak <rizenine at gmail.com>
>> wrote:
>>
>>> Maybe an example not of my own making would help.
>>>
>>> *https://raw.githubusercontent.com/Evolveum/midpoint/1c1975fa450bbee741314c2822c5715ebf68f6b2/samples/hogwarts/objects/resources/resource-csv.xml
>>> <https://raw.githubusercontent.com/Evolveum/midpoint/1c1975fa450bbee741314c2822c5715ebf68f6b2/samples/hogwarts/objects/resources/resource-csv.xml>*
>>>
>>> *<inbound>*
>>> * <expression>*
>>> * <assignmentTargetSearch>*
>>> *<targetType>c:RoleType</targetType>*
>>> *<oid>e2c88fea-db21-11e5-80ba-d7b2f1155264</oid>*
>>> *</assignmentTargetSearch> *
>>> * </expression>*
>>> * <target>*
>>> * <path>assignment</path>*
>>> * <set>....</set>*
>>> * </target>*
>>> *</inbound>*
>>>
>>> If you scroll to the above section you'll find the inbound role
>>> assignment. This is basically what I'm trying to do but my resource is a
>>> database table. However, using this example just replaces all other
>>> assignments for that account and sets this one. That can't be how this
>>> example was intended to work? Where am I going wrong?
>>>
>>> Thanks.
>>> Justin Stanczak
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190410/1567ce08/attachment.htm>
More information about the midPoint
mailing list