[midPoint] automatically unassign all roles on disable
Markus Calmius
markus.calmius at proton.ch
Thu Oct 12 11:58:42 CEST 2023
Hi,
I am trying to figure out how to make sure all roles are unassigned when a user is removed or disabled from HR.
I've found: https://docs.evolveum.com/midpoint/reference/concepts/clockwork/scripting-hooks/ which contain Example 1 that should do the trick.
Although, it doesn't quite work on 4.7.2 it seems, I get: "Expression error: Groovy Evaluation Failed: No such property: ContainerDelta for class: (new)_"
Two questions:
- is there an easier way?
- trying to figure out what is wrong is not super easy, it's been years since I actually coded. Any guidance is greatly appreciated. I assume the createModificationDelete has changed some input parameters
I'm testing the script in the query playground with one disabled user.
<expression>
<script>
<code>
import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
import com.evolveum.midpoint.prism.*;
UserType user = (UserType) midpoint.searchObjectByName(UserType.class, '<redacted username>');
ActivationStatusType administrativeStatus = user.getActivation().getEffectiveStatus();
if (administrativeStatus == ActivationStatusType.DISABLED) {
for (AssignmentType assign : user.getAssignment()) {
changed = false;
assignmentDelta = ContainerDelta.createModificationDelete(UserType.F_ASSIGNMENT, UserType.class, prismContext, assign.clone());
modelContext.getFocusContext().swallowToSecondaryDelta(assignmentDelta);
changed = true;
}
if (changed) {
modelContext.rot(); // this makes Projector to recompute the model context
}
}
</code>
</script>
</expression>
Thanks in Advance
Markus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20231012/c99469bb/attachment.htm>
More information about the midPoint
mailing list