[midPoint] bulk unassign deleted role or org

Paul Caskey pcaskey at internet2.edu
Wed Jan 10 15:57:21 CET 2024 

This is the <activity> section from a I task I used to unassign all orgs from all users with existing assignments.  After running that, I let midPoint put back what was supposed to be there.

Maybe it will help you…


    <activity>
        <work>
            <iterativeScripting>
                <objects>
                    <type>UserType</type>
                    <query> <!-- to process only relevant users -->
                        <q:filter>
                            <q:text>assignment/targetRef matches (targetType = OrgType)</q:text>
                        </q:filter>
                    </query>
                </objects>
                <scriptExecutionRequest>
                    <s:unassign>
                        <s:filter>
                            <q:text>targetRef matches (targetType = OrgType)</q:text>
                        </s:filter>
                    </s:unassign>
                </scriptExecutionRequest>
            </iterativeScripting>
        </work>
    </activity>



From: midPoint <midpoint-bounces at lists.evolveum.com> On Behalf Of Markus Calmius via midPoint
Sent: Wednesday, January 10, 2024 8:51 AM
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Cc: Markus Calmius <markus.calmius at proton.ch>
Subject: [midPoint] bulk unassign deleted role or org

Hi,

is it possible, and if so, can anyone guide me on how to unassign all roles (or orgs) that has been deleted*.

I've been trying to use the bulk script actions, but I cannot figure out how to figure out how to compose the filter.
All my tests end up with either a stack-trace or "There are no roles nor resources to unassign and no filter is specified"

What I got working was the example:

<s:action>

    <s:type>unassign</s:type>

    <s:parameter>

        <s:name>role</s:name>

        <c:value xsi:type="xsd:string”>OID</c:value>

    </s:parameter>

</s:action>
But that take one OID, and... I need to have at least a list, but preferably something even smarter.

I tried to do something like this:

<s:action>
    <s:type>unassign</s:type>
    <s:parameter>
        <s:name>filter</s:name>
        <s:searchFilter>
            <q:inOid>
                <q:value>fef34a49-f7d4-4a68-97ee-cb240fe13022</q:value>
                <q:value>f379d31e-6990-4226-8007-932b9676a8ff</q:value>
            </q:inOid>
        </s:searchFilter>
    </s:parameter>
</s:action>
But cannot get any thing to work.

Anyway, any pointers is greatly appreciated.


* I know there is a message saying this role/org has members, do you still want to etc.

Markus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20240110/383617f5/attachment-0001.htm>

More information about the midPoint mailing list