[midPoint] Modelling many part-time contracts for a single identity
Alcides Carlos de Moraes Neto
alcides.neto at gmail.com
Tue Mar 19 21:29:59 CET 2019
I guess I would create the contracts as OrgTypes, with the contract
managers assigned as such in midPoint, and all identities of that contract
grouped there.
Then use the contract in orgRef or tenantRef assignment fields. I'm not
sure if this is possible in the self service/shopping cart screen.
Finally, configure the approval process to ask for approval of manager of
orgRef/tenantRef assignment. Again, not sure if possible, but I guess it is.
I guess item b) would need a daily scheduled script to check whether the
assignment's orgRef is still valid; if not, remove it.
Em qua, 20 de fev de 2019 às 07:09, Arnošt Starosta - AMI Praha a.s. <
arnost.starosta at ami.cz> escreveu:
> Hi all,
>
> a bit more generic modelling question - some of my clients have many
> identities with several part-time contracts, e.g. you work in several
> locations over the week under specific contracts.
>
> How would you solve this in midpoint?
>
> Common use cases are
>
> a) select a contract for every role assignment request, approve the
> request by the manager of the selected contract only
>
> b) when the contract ends, remove all role assignments approved for that
> contract
>
> Creating one identity per contract is not an option, business reasons,
> e.g. accounts and authorizations in end systems are logicaly bound to the
> identity, not to the contracts. Using personas does not work either,
> technical reasons, personas seem to be static but the number of contracts
> is unbounded.
>
> My approach so far is creating a new role for each identity-contract pair.
> But just adding this role as a mandatory field to role assignment requests
> in gui and model seems to be a lot of work (current development and future
> upgrades).
>
> Do you know any other options to work with?
>
> arnost
>
> --
>
> *Arnošt Starosta*
> solution architect
>
> gsm: [+420] 603 794 932
> e‑mail: arnost.starosta at ami.cz
>
> *AMI Praha a.s.*
> Pláničkova 11, 162 00 Praha 6
>
> tel.: [+420] 274 783 239 | web: www.ami.cz
>
> [image: AMI Praha a.s.]
>
> Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá
> za společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
> písemnou formu.
>
> Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může
> obsahovat důvěrné nebo osobní
> informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv
> zveřejňování, zprostředkování
> nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail
> neoprávněně, informujte o tom prosím
> odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu včetně
> všech jeho příloh. Nakládáním
> s neoprávněně získanými informacemi se vystavujete riziku právního postihu.
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190319/9c652eca/attachment.htm>
More information about the midPoint
mailing list