[midPoint] Howto unassign a role
Rainer Herbst
rainer.herbst at aip.de
Fri Jan 17 13:12:56 CET 2020
Dear all,
again, I am bouncing with my head against a wall and fill so thumb... ;-)
Simple use case - unassociate all Users with the role staff (Mitarbeiter)
from that role.
In the users, the role is assigned:
<assignment id="32">
<metadata>...</metadata>
<targetRef oid="9f154c7e-ac7d-4d26-b715-58840e807fea"
relation="org:default" type="c:RoleType">
<!-- Mitarbeiter -->
</targetRef>
<activation>
<administrativeStatus>disabled</administrativeStatus>
<effectiveStatus>disabled</effectiveStatus>
</activation>
</assignment>
I wrote a task that should delete this association. Actually, I took a lot
from the examle
https://github.com/Evolveum/midpoint-samples/blob/a5152f69de6e33949eaceb3889abc9edc0f506ea/samples/tasks/bulk-actions/modify-selected-users-unassign-role.xml:
<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
>
<task>
<name>Unassign "Mitarbeiter" role from all users</name>
<extension>
<scext:executeScript
xmlns:scext="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3">
<s:search
xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3">
<s:type>c:UserType</s:type>
<s:searchFilter>
<q:ref>
<q:path>assignment/targetRef</q:path>
<q:value oid="9f154c7e-ac7d-4d26-b715-58840e807fea"/>
</q:ref>
</s:searchFilter>
<s:action>
<s:type>modify</s:type>
<s:parameter>
<s:name>delta</s:name>
<c:value xsi:type="t:ObjectDeltaType">
<t:changeType>modify</t:changeType> <!-- this is the default, can be
omitted -->
<!-- objectType and oid are taken from the object being modified -->
<t:itemDelta>
<t:modificationType>delete</t:modificationType>
<t:path>c:assignment</t:path>
<t:value>
<c:targetRef oid="9f154c7e-ac7d-4d26-b715-58840e807fea"
relation="org:default" type="c:RoleType"/>
</t:value>
</t:itemDelta>
</c:value>
</s:parameter>
</s:action>
</s:search>
</scext:executeScript>
</extension>
<ownerRef oid="00000000-0000-0000-0000-000000000002"/>
<executionStatus>runnable</executionStatus>
<category>BulkActions</category>
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/scripting/handler-3</handlerUri>
<recurrence>recurring</recurrence>
</task>
</objects>
In the logs, i see three entries being modified:
2020-01-17 13:00:57,055 [] [midPointScheduler_Worker-4] INFO
(com.evolveum.midpoint.model.impl.scripting.ExecutionContext): Script
console message: Modified user:321afa6d-c3fe-49a5-836c-bb443ff45434(xxxxx)
2020-01-17 13:00:57,163 [] [midPointScheduler_Worker-4] INFO
(com.evolveum.midpoint.model.impl.scripting.ExecutionContext): Script
console message: Modified user:59af0f09-5897-4f45-8e41-4e1e0dce37a8(yyyyyy)
2020-01-17 13:00:57,278 [] [midPointScheduler_Worker-4] INFO
(com.evolveum.midpoint.model.impl.scripting.ExecutionContext): Script
console message: Modified user:b5a0b375-4bc5-4787-8e70-b576ec556022(zzzzzz)
But when I check the entries, the Assignment is still in place.
So what do I miss? Many thanks in advance!
Rainer Herbst
Leiter IT-Service
Phone: +49 331 7499-257
e-mail: rainer.herbst at aip.de
https://www.aip.de
-----------------------------------------------------------------------------------------------
Leibniz-Institut für Astrophysik Potsdam (AIP)
An der Sternwarte 16, 14482 Potsdam
Vorstand: Prof. Dr. Matthias Steinmetz, Matthias Winker
Stiftung bürgerlichen Rechts
Stiftungsverzeichnis Brandenburg: 26 742-00/7026
-----------------------------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3646 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200117/779263c4/attachment.bin>
More information about the midPoint
mailing list