[midPoint] Roles, Orgs, relations and, probably, orderConstraint

Ivan Noris ivan.noris at evolveum.com
Mon Jan 23 09:10:19 CET 2023 

Hi Yakov,

I was using this for something similar (only members, not managers 
should have a group association given by a metarole in organization unit):

                     <condition>
                         <script>
                             <code>
/* fixes MID-5538 as relation may be null in some waves.
Checking just for ORG_DEFAULT does not work in such cases. This method 
works even if the relation is null.

Credits to P. Mederly
*/

targetRef != null &&
midpoint.relationRegistry.isMember(targetRef.relation) &&
  !midpoint.relationRegistry.isManager(targetRef.relation)
                         </code>
                         </script>
                     </condition>

I was using this condition in my association/outbound element in 
metarole, but you can try it for your case as well.

The original author of this example is noted in the comments :-)

NOTE: I last used/tested this with midPoint 4.4.something.

Best regards,

Ivan

On 22. 1. 2023 17:08, Yakov Revyakin via midPoint wrote:
> Hi friends,
> I have a question about how to assign something a bit unusual.
>
> There is an Org with 2 users. User1 is a member of the Org, User2 is a 
> manager of the Org but isn't a member of it.
> There is a BusinessRole which induces an IT Role to order=2 users.
>
> I'm assigning the BusinessRole to the Org. User1 & User2 are order 2 
> users related to the Business Role (correct?).
>
> Is it possible to differentiate User1 (a member) and User2 (a manager) 
> during assigning the IT Role which happens as result of assigning the 
> BusinessRole to the Org?
>
> So, I'd like to assign the BusinessRole to the Org and have the IT 
> Role assigned to members of the Org only (User1).
>
> Thanks in advance,
> J
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Expert Identity Engineer
evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20230123/2fe50061/attachment.htm>

More information about the midPoint mailing list