[midPoint] Assignment and unassignment of organizational units

Jonathan Hill jhill at exclamationlabs.com
Wed Oct 20 17:11:40 CEST 2021 

Hey Oliver,

I would try adding assignmentProperties in your assignmentTargetSearch to allow a clear set of what can be removed.

...
    <assignmentProperties>
	<subtype>hrFeed</subtype>
    </assignmentProperties>
</assignmentTargetSearch>

...

<set>
	<condition>
		<script>
			<code>
				return input.subtype.contains("hrFeed")
		 	</code>
		</script>
	</condition>
</set>

Jonathan Hill
Exclamation Labs
300 Washington Street
Cumberland, MD  21502
jhill at exclamationlabs.com <mailto:jhill at exclamationlabs.com>
www.exclamationlabs.com <http://www.exclamationlabs.com/>

> On Oct 20, 2021, at 10:29 AM, Oliver Schonefeld via midPoint <midpoint at lists.evolveum.com> wrote:
> 
> Hello,
> 
> I am running midPoint 4.3.1 and am trying to automatically assign and unassign organizational units to user accounts. I have modelled the organizational structure of our institute in midpoint. Organizational unit membership is governed by a HR feed (modeled as CVS resource) and user accounts should be assigned or unassigned to org units depending on the information of the hr feed.
> 
> I've manged to get the initial assignment of org units to work by adding an inbound mapping to the schema handling section of the HR csv resource:
>  <!-- ... -->
>  <inbound>
>    <authoritative>true</authoritative>
>    <expression>
>      <assignmentTargetSearch>
>        <targetType>OrgType</targetType>
>        <filter>
>          <q:equal>
>            <q:path>identifier</q:path>
>            <expression>
>              <path>$input</path>
>            </expression>
>          </q:equal>
>        </filter>
>      </assignmentTargetSearch>
>    </expression>
>    <target>
>      <path>assignment</path>
>    </target>
>  </inbound>
>  <!-- ... -->
> 
> However, if I move a user in my HR feed to another org unit, the new unit gets assigned to the user (e.g. in reconciliation or live sync), but the old unit is never unassigned.
> 
> If I set
>  <set>
>    <predefined>all</predefined>
>  </set>
> in <target>, midPoint correctly sets the org units, but also removed all other assignments, e.g. manual requested or auto-assigned roles, etc.
> 
> Ideally, I'd like midpoint to only touch the org unit assignments when something changes in the HR feed.
> 
> Has anybody some ideas or useful insights, how I can accomplish this goal?
> 
> 
> Thank you and best regards
>  Oliver
> -- 
> Oliver Schonefeld
> Leibniz-Institut für Deutsche Sprache, Informationstechnik (IT)
> R5, 6-13, D-68161 Mannheim
> +49-(0)621-1581-168 | http://www.ids-mannheim.de
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20211020/ace41b43/attachment.htm>

More information about the midPoint mailing list