[midPoint] Role assignment from db table

Jason Everling jeverling at bshp.edu
Wed Apr 10 19:10:26 CEST 2019


Alcides is correct, it's why I asked earlier on if they were going to have
multiple roles, which is one of the limitations of the database table
connector. If you plan to have outbound updates then you would need to
switch to a scriptedsql connector because it can use a database view as the
source data that you will need to manipulate to create a multivalue field
for your roles, probably using STUFF in SQL, and then when updates
occur/needed it can write to any database, table and column on your server.

On to your sample: because you don't have a condition, it is telling
midPoint that the person's 'assignment' value should only be this
value; in an object template it will append values if you have it set that
way. You would need to use a condition as in Evolveum's sample; the easiest
way is to identify your roles using the roletype/subtype field.



On Wed, Apr 10, 2019 at 11:30 AM Alcides Carlos de Moraes Neto <
alcides.neto at gmail.com> wrote:

> If I'm understanding correctly, you want to create a resource with
> multiple projections, and each projection would result in a roleAssignment.
>
> Unfortunately that's not how resources in midPoint work. You can have
> multiple projections of the same objectType but only with multiple intents.
> https://wiki.evolveum.com/display/midPoint/Focus+and+Projections
> If you try to import multiple projections to the same focus object, only
> one will be linked, the other will stay unlinked (I guess? maybe unmatched?)
>
> You should structure your table/view like this:
>
> USER   ROLES              LASTUPDATE
> test   student,employee   datetime
> test2  student            datetime
>
> There should be only one line per user. Then you would need to write a
> script to interpret the ROLES column, splitting it and searching for the
> roles.
>
>
> On Wed, Apr 10, 2019 at 12:14, Justin Stanczak <rizenine at gmail.com>
> wrote:
>
>> Here's the exact schemaHandling I'm using. So no on tolerant and no
>> condition set.
>>
>>     <schemaHandling>
>>         <objectType id="169">
>>             <kind>account</kind>
>>             <default>true</default>
>>             <objectClass>ri:AccountObjectClass</objectClass>
>>             <attribute id="402">
>>                 <c:ref>ri:ROLE</c:ref>
>>                 <tolerant>true</tolerant>
>>                 <exclusiveStrong>false</exclusiveStrong>
>>                 <inbound id="435">
>>                     <authoritative>false</authoritative>
>>                     <exclusive>false</exclusive>
>>                     <strength>normal</strength>
>>                     <expression>
>>                         <assignmentTargetSearch xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>                             xsi:type="c:AssignmentTargetSearchExpressionEvaluatorType">
>>                             <targetType>c:RoleType</targetType>
>>                             <oid>afb77728-38c8-4f66-9668-b594c992cad2</oid>
>>                         </assignmentTargetSearch>
>>                     </expression>
>>                     <target>
>>                         <c:path>assignment</c:path>
>>                     </target>
>>                 </inbound>
>>             </attribute>
>>         </objectType>
>>     </schemaHandling>
>>
>>
>>
>> On Wed, Apr 10, 2019 at 10:40 AM Jason Everling <jeverling at bshp.edu>
>> wrote:
>>
>>> You do not have any <tolerant>false</tolerant> anywhere, right? Do you
>>> have the condition set? If so, with what?
>>>
>>>
>>>
>>>
>>> On Wed, Apr 10, 2019 at 9:24 AM Justin Stanczak <rizenine at gmail.com>
>>> wrote:
>>>
>>>> Maybe an example not of my own making would help.
>>>>
>>>> https://raw.githubusercontent.com/Evolveum/midpoint/1c1975fa450bbee741314c2822c5715ebf68f6b2/samples/hogwarts/objects/resources/resource-csv.xml
>>>>
>>>> <inbound>
>>>>     <expression>
>>>>         <assignmentTargetSearch>
>>>>             <targetType>c:RoleType</targetType>
>>>>             <oid>e2c88fea-db21-11e5-80ba-d7b2f1155264</oid>
>>>>         </assignmentTargetSearch>
>>>>     </expression>
>>>>     <target>
>>>>         <path>assignment</path>
>>>>         <set>....</set>
>>>>     </target>
>>>> </inbound>
>>>>
>>>> If you scroll to the above section you'll find the inbound role
>>>> assignment. This is basically what I'm trying to do but my resource is a
>>>> database table. However, using this example just replaces all other
>>>> assignments for that account and sets this one. That can't be how this
>>>> example was intended to work? Where am I going wrong?
>>>>
>>>> Thanks.
>>>> Justin Stanczak
>>>>
>>>> _______________________________________________
>>>> midPoint mailing list
>>>> midPoint at lists.evolveum.com
>>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
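
The one-row-per-user table/view shape discussed in this thread, built as a SQL Server view with STUFF over FOR XML PATH. This is an added example, not code from any of the posters; the table dbo.USER_ROLE, the view name dbo.V_USER_ROLES and the sample rows are assumptions made for illustration.

```sql
-- Constructed sample schema (assumption): one row per (user, role), the
-- shape that produces several rows for the same user when read directly.
CREATE TABLE dbo.USER_ROLE (
    USERNAME   varchar(64) NOT NULL,
    [ROLE]     varchar(64) NOT NULL,
    LASTUPDATE datetime    NOT NULL,
    CONSTRAINT PK_USER_ROLE PRIMARY KEY (USERNAME, [ROLE])
);
GO

-- Constructed sample rows matching the users shown in the thread.
INSERT INTO dbo.USER_ROLE (USERNAME, [ROLE], LASTUPDATE) VALUES
    ('test',  'student',  '2019-04-01T08:00:00'),
    ('test',  'employee', '2019-04-09T12:30:00'),
    ('test2', 'student',  '2019-04-02T09:15:00');
GO

-- View with exactly one row per user. ROLES is a comma-separated list built
-- by the correlated subquery; STUFF(..., 1, 1, '') removes the leading comma.
-- TYPE plus .value() keeps characters such as '&' from being XML-escaped.
-- LASTUPDATE is the newest timestamp among that user's rows.
CREATE VIEW dbo.V_USER_ROLES AS
SELECT
    u.USERNAME AS [USER],
    STUFF((
        SELECT ',' + r.[ROLE]
        FROM dbo.USER_ROLE AS r
        WHERE r.USERNAME = u.USERNAME
        ORDER BY r.[ROLE]
        FOR XML PATH(''), TYPE
    ).value('.', 'varchar(max)'), 1, 1, '') AS ROLES,
    MAX(u.LASTUPDATE) AS LASTUPDATE
FROM dbo.USER_ROLE AS u
GROUP BY u.USERNAME;
GO

-- The connector would read from the view instead of the base table.
SELECT [USER], ROLES, LASTUPDATE
FROM dbo.V_USER_ROLES
ORDER BY [USER];
```

The ROLES value still has to be split on the comma on the midPoint side before the role search, as described in the quoted reply.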