[midPoint] Set midPoint User attribute when Role assigned

Brad Firestone bhotrock at gmail.com
Sat Dec 7 01:14:31 CET 2019


Thank you Jason!!

Jason Everling wrote on 12/6/19 2:17 PM:
>
> Within the role definition, this will update the user attribute with 
> the value defined; when the role is removed the value is also removed. It's 
> not related to any resource attribute.
>
>
> <inducement>
>     <focusMappings>
>         <mapping>
>             <strength>strong</strength>
>             <expression>
>                 <value>FACULTY</value>
>             </expression>
>             <target>
>                 <c:path xmlns:bshp="http://midpoint.bshp.edu/xml/ns/bshp">$focus/extension/bshp:bshpPersonAffiliation</c:path>
>             </target>
>         </mapping>
>     </focusMappings>
>     <activation>
>         <administrativeStatus>enabled</administrativeStatus>
>     </activation>
>     <focusType>c:UserType</focusType>
> </inducement>
>
> *From: *Brad Firestone <mailto:bhotrock at gmail.com>
> *Sent: *Friday, December 6, 2019 12:50 PM
> *To: *midPoint General Discussion <mailto:midpoint at lists.evolveum.com>
> *Subject: *[midPoint] Set midPoint User attribute when Role assigned
>
> Hi All,
>
> I would like to set an attribute value for a midPoint User when they
> have been assigned a given role.  This attribute value will not be
> synced to any resource.  I just want to be able to display it in the
> midPoint GUI.  I am using the organizationalUnit attribute since it's
> multi-valued.
>
> My reason for doing this is that I've created "Departmental User
> Managers".  These people can create new Users, edit existing Users and
> (un)assign Roles that "belong" to their department.  (I'm using subtype
> to define role ownership.)  They can only see their department's Roles
> in the GUI, which serves two purposes:  It restricts which Roles they
> can (un)assign, and it hides a large number of Roles which makes things
> quicker and less confusing.  Since all Roles are not visible in the
> Roles section, I would like to use the organizationalUnit attribute
> (renamed) to display ALL roles that a User has.  This is helpful to let
> a departmental User Manager see what other Roles (from other
> departments) a certain User has been assigned.
>
> Ideally, this attribute value assignment would be part of the Role
> definition.  But I can't find a way to do that.  It seems to me all
> mapping in Roles is limited to Resource construction mapping.  Is there
> a way to map or construct a midPoint attribute value directly from the
> Role?
>
> I could do it from the User Template, but that means I would have to
> edit the User Template every time I add a new Role.  I also need to
> figure out the conditional structure to evaluate whether a User has a
> given Role assigned.
>
> I may be going about this the wrong way and I'm open to any suggestions
> about the best way to do this.  Thanks for any ideas!
>
> Brad
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint