[midPoint] Role/Service autoassignment
Pavol Mederly
mederly at evolveum.com
Mon Sep 16 10:27:56 CEST 2019
Hello Chris, Arnošt,
> I don't believe there is other way to do this right now, but please
> anybody proove me wrong.
*Arnošt:* You are absolutely right, as far as the current status of
midPoint is concerned.
User assignments are updated only when users are (re)computed. So
there's no way how to do this as part of processing of the service.
The model hook is a way to go, as you suggested.
(https://wiki.evolveum.com/display/midPoint/Scripting+Hooks)
*Chris:* you can choose between directly recomputing the old/new
holders, or just creating a trigger on these user objects, to be
recomputed by the Trigger scanner task. The latter option is useful if
you want to Service operation finish quickly (e.g. if the user
operations take a longer time because of resources involved).
You can even try to use
https://wiki.evolveum.com/display/midPoint/Policy+Rules: something like
"if extension/rsBadgeAssignee changes, execute specified bulk action".
(But I am not quite sure about the exact configuration.)
Nevertheless, if you'd need any help, just let us know.
Best regards,
Pavol Mederly
Software developer
evolveum.com
On 16.09.2019 10:13, Arnošt Starosta - AMI Praha a.s. wrote:
> Hi Chris,
>
> you can intercept the extension/rsBadgeAssignee change in a hook and
> based on it's old and new values find the two employees and explicitly
> recompute just them. With your assignment in user template this will
> do the job. I would try a final hook for the service type.
>
> And as the recompute may fail, you want to make sure to recompute the
> failed users in the future - either recompute all of them once in a
> while or run a specialized task to find badges assigned to wrong
> employees etc.
>
> I don't believe there is other way to do this right now, but please
> anybody proove me wrong.
>
> The autoassignment wont help you, the users must still be recomputed
> and it comes with a performace price on top. But when i need to access
> the attributes of both roles and focus objects in assignments, i use
> the assignmentPath and related variables, see midpoint wiki.
>
> arnost
>
> so 14. 9. 2019 v 11:02 odesílatel Chris Woods
> <Chris.Woods at rohde-schwarz.com <mailto:Chris.Woods at rohde-schwarz.com>>
> napsal:
>
> Hi everyone,
>
> I’m probably thinking about this completely the wrong way, but
> here goes anyway:
>
> I have a company ID card system that we originally had setup so
> that when reconciling, the badge would appear as a projection for
> the user (when the employeeID for the badge matched the
> $focus/name of the user). However, we now have a requirement to
> store more data about the badge than the id card system provides,
> so I modified the synchronisation setup to create a FocusType of
> Service. This service is assigned an archetype “Company ID card”.
>
> All is working well – A service for each card in the card database
> was created with the appropriate archetype.
>
> However, I can’t seem to find a way to automatically assign the
> service to the user based on the employeeID which is now stored in
> the service as extension/rsBadgeAssignee.
>
> I tried to do the assignment in the User object template, which
> worked – as long as I actually opened the user and recomputed
> them. Day cards are transferred from person to person, so I don’t
> want to have to update 14,000 Users, just because one card has
> transferred ownership. If I just modified the rsBadgeAssignee in
> the card service object, nothing happened to either the previous
> owner (removal) or the new owner (assignment).
>
> I then tried autoassign in the archetype. All the examples for
> autoassignment use some kind of constant like ‘internal’ or ‘FTE’
> to be present in the focal object (user). What I couldn’t work out
> how to do was something like this:
>
> <autoassign>
>
> <enabled>true</enabled>
>
> <focus>
>
> <mapping>
>
> <name>Badge autoassign</name>
>
> <strength>strong</strength>
>
> <source>
>
> <path>$focus/name</path> <-- the employeeID of the user -->
>
> </source>
>
> <source>
>
> <path>$this/extension/rsBadgeAssignee</path> <-- trying to
> reference rsBadgeAssignee in service itself –->
>
> </source>
>
> <condition>
>
> <script>
>
> <code>basic.stringify(name).equals(rsBadgeAssignee)</code>
>
> </script>
>
> </condition>
>
> </mapping>
>
> </focus>
>
> </autoassign>
>
> This throws an error, because there is no rsBadgeAsignee attribute
> in the focus (User), but how do I reference “this” (i.e. the
> service itself) in the condition?
>
> I hope all this was not too confusing and appreciate any help!
>
> Regards,
>
> Chris
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> --
>
> *Arnošt Starosta*
> solution architect
>
> gsm: [+420] 603 794 932
> e‑mail: arnost.starosta at ami.cz <mailto:arnost.starosta at ami.cz>
>
> *AMI Praha a.s.*
> Pláničkova 11, 162 00 Praha 6
>
> tel.: [+420] 274 783 239 | web: www.ami.cz <https://www.ami.cz>
>
> AMI Praha a.s.
>
> Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá
> za společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít
> výhradně písemnou formu.
>
> Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může
> obsahovat důvěrné nebo osobní
> informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv
> zveřejňování, zprostředkování
> nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail
> neoprávněně, informujte o tom prosím
> odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu včetně
> všech jeho příloh. Nakládáním
> s neoprávněně získanými informacemi se vystavujete riziku právního
> postihu.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190916/f95ee6fc/attachment.htm>
More information about the midPoint
mailing list