[midPoint] bulk unassign deleted role or org

Ivan Noris ivan.noris at evolveum.com
Thu Jan 11 13:09:04 CET 2024 

Hi Markus,

I recommend to also read/try policy rule to delete member assignments 
when role/org is deleted from midPoint.

Please see 
https://docs.evolveum.com/midpoint/reference/support-4.8/synchronization/linked-objects/scenario-5-deletion-safe-organizations/

There are some limitations though, please read them on the page as well. 
Improvements are possible.

Best regards,

Ivan

On 10. 1. 2024 15:50, Markus Calmius via midPoint wrote:
> Hi,
>
> is it possible, and if so, can anyone guide me on how to unassign all 
> roles (or orgs) that has been deleted*.
>
> I've been trying to use the bulk script actions, but I cannot figure 
> out how to figure out how to compose the filter.
> All my tests end up with either a stack-trace or "There are no roles 
> nor resources to unassign and no filter is specified"
>
> What I got working was the example:
>
> <s:action>
>
> <s:type>unassign</s:type>
>
> <s:parameter>
>
> <s:name>role</s:name>
>
> <c:value xsi:type="xsd:string”>OID</c:value>
>
> </s:parameter>
>
> </s:action>
>
> But that take one OID, and... I need to have at least a list, but 
> preferably something even smarter.
>
> I tried to do something like this:
> ||
> <s:action>     <s:type>unassign</s:type>     <s:parameter>         <s:name>filter</s:name>         <s:searchFilter>             <q:inOid>               
>   <q:value>fef34a49-f7d4-4a68-97ee-cb240fe13022</q:value>                 <q:value>f379d31e-6990-4226-8007-932b9676a8ff</q:value>             </q:inOid>         </s:searchFilter>     
> </s:parameter> </s:action>
> But cannot get any thing to work.
>
> Anyway, any pointers is greatly appreciated.
>
>
> * I know there is a message saying this role/org has members, do you 
> still want to etc.
>
> Markus
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
-- 

Best Regards,

*Ivan Noris* | Expert Identity Engineer

<https://evolveum.com/>
ivan.noris at evolveum.com | www.evolveum.com <http://www.evolveum.com/>

Evolveum at TIIME 2024 <https://tiime-unconference.eu/>

Evolveum LinkedIn <https://www.linkedin.com/company/evolveum> Evolveum 
Twitter <https://twitter.com/evolveum> Evolveum Facebook 
<https://www.facebook.com/evolveum>

Disclaimer: The contents of this e-mail and attachment(s) thereto are 
confidential and intended for the named recipient(s) only. It shall not 
attach any liability on the originator or Evolveum s.r.o. or its 
affiliates. Any views or opinions presented in this email are solely 
those of the author and may not necessarily reflect the opinions of 
Evolveum s.r.o. or its affiliates. Any form of reproduction, 
dissemination, copying, disclosure, modification, distribution and / or 
publication of this message without the prior written consent of the 
author of this e-mail is strictly prohibited. If you have received this 
email in error please delete it and notify the sender immediately.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20240111/b9e75ecf/attachment.htm>

More information about the midPoint mailing list