[midPoint] bulk unassign deleted role or org

Alcides Moraes alcides.neto at gmail.com
Wed Jan 10 23:22:13 CET 2024 

Hello Markus,

We have a task that runs daily and deletes assignments to deleted objects

Here’s the groovy script we use:


    import com.evolveum.midpoint.xml.ns._public.common.common_3.*
    import com.evolveum.midpoint.prism.delta.builder.*
    import com.evolveum.midpoint.model.api.*
    import javax.xml.namespace.QName

    def assignmentsToDelete = []

    for (a in input.assignment) {
        if (a.targetRef != null) {
            def ot = midpoint.resolveReferenceIfExists(a.targetRef)
            if (ot == null) {
                def removeAssignment = new AssignmentType()
                removeAssignment.id = a.id
                assignmentsToDelete.add removeAssignment.asPrismContainerValue()
            }
        }
    }
    if (!assignmentsToDelete.empty) {
        def delta = prismContext.deltaFor(FocusType.class).item(FocusType.F_ASSIGNMENT).delete(assignmentsToDelete).asObjectDelta(input.oid)
        midpoint.modifyObject(delta, ModelExecuteOptions.createRaw())
    }

> Em 10 de jan. de 2024, à(s) 11:50, Markus Calmius via midPoint <midpoint at lists.evolveum.com> escreveu:
> 
> Hi,
> 
> is it possible, and if so, can anyone guide me on how to unassign all roles (or orgs) that has been deleted*. 
> 
> I've been trying to use the bulk script actions, but I cannot figure out how to figure out how to compose the filter.
> All my tests end up with either a stack-trace or "There are no roles nor resources to unassign and no filter is specified"
> 
> What I got working was the example:
> <s:action>
>     <s:type>unassign</s:type>
>     <s:parameter>
>         <s:name>role</s:name>
>         <c:value xsi:type="xsd:string”>OID</c:value>
>     </s:parameter>
> </s:action>
> But that take one OID, and... I need to have at least a list, but preferably something even smarter.
> 
> I tried to do something like this:
> <s:action>
>     <s:type>unassign</s:type>
>     <s:parameter>
>         <s:name>filter</s:name>
>         <s:searchFilter>
>             <q:inOid>
>                 <q:value>fef34a49-f7d4-4a68-97ee-cb240fe13022</q:value>
>                 <q:value>f379d31e-6990-4226-8007-932b9676a8ff</q:value>
>             </q:inOid>
>         </s:searchFilter>
>     </s:parameter>
> </s:action>
> But cannot get any thing to work.
> 
> Anyway, any pointers is greatly appreciated.
> 
> 
> * I know there is a message saying this role/org has members, do you still want to etc. 
> 
> Markus
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20240110/62d66a85/attachment.htm>

More information about the midPoint mailing list