[midPoint] Howto unassign a role
Rainer Herbst
rainer.herbst at aip.de
Tue Jan 21 09:33:59 CET 2020
Hi Ivan,
thanks for your hint.
The Role was given as an assignment during a recalculation task on an input
resource.
Fancy, it is now working with two itemDelta in one task:
<s:action>
    <s:type>modify</s:type>
    <s:parameter>
        <s:name>delta</s:name>
        <c:value xsi:type="t:ObjectDeltaType">
            <t:changeType>modify</t:changeType> <!-- this is the default, can be omitted -->
            <!-- objectType and oid are taken from the object being modified -->
            <t:itemDelta>
                <t:modificationType>delete</t:modificationType>
                <t:path>c:assignment</t:path>
                <t:value>
                    <c:targetRef oid="9f154c7e-ac7d-4d26-b715-58840e807fea"
                                 relation="org:default" type="c:RoleType"/>
                    <activation>
                        <administrativeStatus>disabled</administrativeStatus>
                        <effectiveStatus>disabled</effectiveStatus>
                    </activation>
                </t:value>
            </t:itemDelta>
            <t:itemDelta>
                <t:modificationType>delete</t:modificationType>
                <t:path>c:assignment</t:path>
                <t:value>
                    <c:targetRef oid="9f154c7e-ac7d-4d26-b715-58840e807fea"
                                 relation="org:default" type="c:RoleType"/>
                    <activation>
                        <effectiveStatus>disabled</effectiveStatus>
                    </activation>
                </t:value>
            </t:itemDelta>
        </c:value>
    </s:parameter>
</s:action>
Nevertheless, this is somewhat confusing... ;-)
Best regards,
On Mon, 20 Jan 2020 14:29:15 +0100
Ivan Noris <ivan.noris at evolveum.com> wrote:
> Hi Rainer,
>
> just a stupid question: the role was assigned manually or by object
> template?
>
> Isn't there perhaps still a mapping that assigns it back?
>
> I think you can test it from Role - Members and try to unassign the role
> from your member there. If the behaviour is the same, maybe midpoint
> just keeps assigning the role...
>
> Best regards,
>
> Ivan
>
> On 17. 1. 2020 13:12, Rainer Herbst wrote:
>> Dear all,
>>
>> again, I am bouncing with my head against a wall and feel so dumb... ;-)
>>
>> Simple use case - unassociate all Users with the role staff
>> (Mitarbeiter) from that role.
>>
>> In the users, the role is assigned:
>> <assignment id="32">
>> <metadata>...</metadata>
>> <targetRef oid="9f154c7e-ac7d-4d26-b715-58840e807fea"
>> relation="org:default" type="c:RoleType">
>> <!-- Mitarbeiter -->
>> </targetRef>
>> <activation>
>> <administrativeStatus>disabled</administrativeStatus>
>> <effectiveStatus>disabled</effectiveStatus>
>> </activation>
>> </assignment>
>>
>> I wrote a task that should delete this association. Actually, I took a
>> lot from the example
>> https://github.com/Evolveum/midpoint-samples/blob/a5152f69de6e33949eaceb3889abc9edc0f506ea/samples/tasks/bulk-actions/modify-selected-users-unassign-role.xml:
>>
>>
>> <objects
>>     xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>     xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>     xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>>     xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>     xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3">
>>
>>   <task>
>>     <name>Unassign "Mitarbeiter" role from all users</name>
>>     <extension>
>>       <scext:executeScript
>>           xmlns:scext="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3">
>>         <s:search
>>             xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3">
>>           <s:type>c:UserType</s:type>
>>           <s:searchFilter>
>>             <q:ref>
>>               <q:path>assignment/targetRef</q:path>
>>               <q:value oid="9f154c7e-ac7d-4d26-b715-58840e807fea"/>
>>             </q:ref>
>>           </s:searchFilter>
>>           <s:action>
>>             <s:type>modify</s:type>
>>             <s:parameter>
>>               <s:name>delta</s:name>
>>               <c:value xsi:type="t:ObjectDeltaType">
>>                 <t:changeType>modify</t:changeType> <!-- this is the default, can be omitted -->
>>                 <!-- objectType and oid are taken from the object being modified -->
>>                 <t:itemDelta>
>>                   <t:modificationType>delete</t:modificationType>
>>                   <t:path>c:assignment</t:path>
>>                   <t:value>
>>                     <c:targetRef oid="9f154c7e-ac7d-4d26-b715-58840e807fea"
>>                                  relation="org:default" type="c:RoleType"/>
>>                   </t:value>
>>                 </t:itemDelta>
>>               </c:value>
>>             </s:parameter>
>>           </s:action>
>>         </s:search>
>>       </scext:executeScript>
>>     </extension>
>>     <ownerRef oid="00000000-0000-0000-0000-000000000002"/>
>>     <executionStatus>runnable</executionStatus>
>>     <category>BulkActions</category>
>>     <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/scripting/handler-3</handlerUri>
>>     <recurrence>recurring</recurrence>
>>   </task>
>> </objects>
>>
>>
>> In the logs, I see three entries being modified:
>> 2020-01-17 13:00:57,055 [] [midPointScheduler_Worker-4] INFO (com.evolveum.midpoint.model.impl.scripting.ExecutionContext): Script console message: Modified user:321afa6d-c3fe-49a5-836c-bb443ff45434(xxxxx)
>> 2020-01-17 13:00:57,163 [] [midPointScheduler_Worker-4] INFO (com.evolveum.midpoint.model.impl.scripting.ExecutionContext): Script console message: Modified user:59af0f09-5897-4f45-8e41-4e1e0dce37a8(yyyyyy)
>> 2020-01-17 13:00:57,278 [] [midPointScheduler_Worker-4] INFO (com.evolveum.midpoint.model.impl.scripting.ExecutionContext): Script console message: Modified user:b5a0b375-4bc5-4787-8e70-b576ec556022(zzzzzz)
>>
>> But when I check the entries, the Assignment is still in place.
>>
>> So what do I miss? Many thanks in advance!
>>
>>
>> Rainer Herbst
>> Leiter IT-Service
>> Phone: +49 331 7499-257
>> e-mail: rainer.herbst at aip.de
>> https://www.aip.de
>>
>> -----------------------------------------------------------------------------------------------
>>
>> Leibniz-Institut für Astrophysik Potsdam (AIP)
>> An der Sternwarte 16, 14482 Potsdam
>>
>> Vorstand: Prof. Dr. Matthias Steinmetz, Matthias Winker
>> Stiftung bürgerlichen Rechts
>> Stiftungsverzeichnis Brandenburg: 26 742-00/7026
>> -----------------------------------------------------------------------------------------------
>>
>>
>
> --
> Ivan Noris
> Senior Identity Engineer
> evolveum.com
>
Rainer Herbst
Leiter IT-Service
Phone: +49 331 7499-257
e-mail: rainer.herbst at aip.de
https://www.aip.de
-----------------------------------------------------------------------------------------------
Leibniz-Institut für Astrophysik Potsdam (AIP)
An der Sternwarte 16, 14482 Potsdam
Vorstand: Prof. Dr. Matthias Steinmetz, Matthias Winker
Stiftung bürgerlichen Rechts
Stiftungsverzeichnis Brandenburg: 26 742-00/7026
-----------------------------------------------------------------------------------------------
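
Added example, not part of the original thread: the "Modified user" log lines above did not mean the assignment was gone, so this Python check re-reads exported user objects and lists every assignment that still targets the role. The sample export, the user OIDs and names, and the function name `residual_assignments` are constructed for illustration; only the role OID and the common-3 namespace come from the thread.

```python
import xml.etree.ElementTree as ET

C = "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
NS = {"c": C}
ROLE_OID = "9f154c7e-ac7d-4d26-b715-58840e807fea"  # role OID from the thread

# Constructed sample export: two users, one still holding the role assignment.
SAMPLE = f"""<objects xmlns="{C}">
  <user oid="11111111-1111-1111-1111-111111111111">
    <name>alice</name>
    <assignment id="32">
      <targetRef oid="{ROLE_OID}" type="c:RoleType"/>
      <activation>
        <administrativeStatus>disabled</administrativeStatus>
        <effectiveStatus>disabled</effectiveStatus>
      </activation>
    </assignment>
  </user>
  <user oid="22222222-2222-2222-2222-222222222222">
    <name>bob</name>
    <assignment id="7">
      <targetRef oid="00000000-0000-0000-0000-0000000000aa" type="c:RoleType"/>
    </assignment>
  </user>
</objects>"""


def residual_assignments(xml_text, role_oid):
    """Return (user name, user oid, assignment id, effectiveStatus) for
    every assignment that still targets role_oid (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    # Accept either a single <user> document or an <objects> wrapper.
    users = [root] if root.tag == f"{{{C}}}user" else root.findall("c:user", NS)
    hits = []
    for user in users:
        for a in user.findall("c:assignment", NS):
            ref = a.find("c:targetRef", NS)
            if ref is None or ref.get("oid") != role_oid:
                continue
            status = a.findtext("c:activation/c:effectiveStatus",
                                default="(unset)", namespaces=NS)
            hits.append((user.findtext("c:name", namespaces=NS),
                         user.get("oid"), a.get("id"), status))
    return hits


if __name__ == "__main__":
    for name, oid, aid, status in residual_assignments(SAMPLE, ROLE_OID):
        print(f"still assigned: {name} ({oid}) id={aid} effectiveStatus={status}")
```

Disabled assignments are reported too, because they are still stored on the user object.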