[midPoint] Query for all useres not assigned to a role

[Guckenbiehl, Gabriel]

Dear community,

Is there a way to construct a query returning all users who have been not
directly assigned to a certain role?

<query>
    <filter>
       <not>
           <ref>
               <path>assignment/targetRef</path>
               <value oid="00000000-0000-0000-0000-000000000004"/>
           </ref>
        </not>
    </filter>
</query>

Returns all users that have any assignment which is not to the specific
role. And it returns them once for each such assignment. The same is
returned by 

<query>
   <filter>
      <not>
         <exists>
            <path>assignment</path>
            <filter>
               <ref>
                  <path>targetRef</path>
                  <value oid="00000000-0000-0000-0000-000000000004"/>
               </ref>
            </filter>
         </exists>
      </not>
   </filter>
</query>

Which seems counterintuitive to me at least, because it inverts the not ->
exists statement to exists -> not.

Background information: I want to implement a notification service which
informs all members of one role 30 days before expiration date, unless they
are assigned to another role (think of students who should get the
notification only if they are not employees).

Thanks for answering

Gabriel

Gabriel Guckenbiehl, M.Sc.
Zentrum für Informations- und Mediendienste (ZIM)
Universität Duisburg Essen
Schützenbahn 70
45127 Essen
Telefon: +49 (201) 183-3346

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6342 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210803/366b2b56/attachment.bin>