[midPoint] All induced assignments - example request

Thu May 28 13:50:14 CEST 2020

Hello Petr,

this information is available only during assignment evaluation, i.e. 
during Projector run. It is then serialized in the form of 
roleMembershipRef and related items. The information on the number of 
times any specific role was hit is obviously lost there.

So... if you don't want to run Projector when running the report (I 
would suggest not :)) the only viable approach is to store this 
information in a dedicated extension item.

You could create a mapping in object template (don't forget setting 
afterAssignments phase) that analyzes 
lensContext.evaluatedAssignmentTriple and prepares the necessary 
information for you. Don't forget about redundant role evaluation 
optimization. :) But if your paths are always differing in the first 
assignment (i.e. there are no two paths that have the same first 
assignment in the path) it could work. But it's ugly hacking that could 
break in any upcoming version of midPoint. We cannot commit to any 
stability here.

Or maybe... if you know all roles that induce "B" (i.e. A, C, D, X), why 
not simply counting assignments to these? The assumption is that 
validity and conditions are not blocking the inducement.

Best regards,

Pavol Mederly
Software developer
evolveum.com

On 28/05/2020 11:57, Petr Gašparík - AMI Praha a.s. wrote:
> Hi,
> I would like to get sample code to get all induced assignments, 
> transitively.
> I need to do this in a report, so I need to do that in java collection.
>
> Final code I need to get to work is "how many time the identity has 
> the role assigned indirectly"
> Like this:
>
>   * User -> Role A -inducement-> Role B
>   * User -> Role C -inducement-> Role B
>
> Result:
>
>   * User has Role B indirectly twice
>
> Thank you even for pointing me somewhere (useful) :)
>
> --
>
> best regards
>
> *Petr Gašparík*
> konzultant IT bezpečnosti
>
> gsm: [+420] 603 523 860
> e‑mail: petr.gasparik at ami.cz <mailto:petr.gasparik at ami.cz>
>
> *AMI Praha a.s.*
> Pláničkova 11, 162 00 Praha 6
>
> tel.: [+420] 274 783 239 | web: www.ami.cz <https://www.ami.cz>
>
> AMI Praha a.s.
>
> Textem tohoto e‑mailu podepisující neslibuje uzavřít ani neuzavírá 
> za společnost AMI Praha a.s.
> jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít 
> výhradně písemnou formu.
>
> Tento e‑mail je určen výhradně pro potřeby jeho adresáta/ů a může 
> obsahovat důvěrné nebo osobní
> informace. Nejste‑li zamýšleným příjemcem, je zakázáno jakékoliv 
> zveřejňování, zprostředkování
> nebo jiné použití těchto informací. Pokud jste obdrželi e‑mail 
> neoprávněně, informujte o tom prosím
> odesílatele a vymažte neprodleně všechny kopie tohoto e‑mailu včetně 
> všech jeho příloh. Nakládáním
> s neoprávněně získanými informacemi se vystavujete riziku právního 
> postihu.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200528/b735abe7/attachment.htm>