[midPoint] SubjectToObject association with attributes in MidPoint 4.8.
Kulheim Petr
Petr.Kulheim at ibacz.eu
Mon Apr 14 16:53:02 CEST 2025
Hello.
Is there any good way to get (and to provision to resource) account group/role association with attributes, e.g. with attributes from activation
from respective role assignment (validFrom, validTo, ...).
I mean there is a SAP resource connected with SAP connector
https://docs.evolveum.com/connectors/connectors/com.evolveum.polygon.connector.sap.SapConnector/
with association definition
<association>
<ref>ri:roles</ref>
<displayName>Activity group (role) Membership</displayName>
<tolerant>false</tolerant>
<kind>entitlement</kind>
<intent>roles</intent>
<direction>subjectToObject</direction>
<associationAttribute>ri:ACTIVITYGROUPS.AGR_NAME</associationAttribute>
<valueAttribute>icfs:uid</valueAttribute>
</association>
where we are getting list of roles' uids a user has assigned,
but we would need provision more , some activation attributes of this association/assignment as well, e.g. validTo value.
Is it somehow possible do it in Midpoint 4.8. ? Some custom attribute filled with some script/expression ?
For Midpoint 4.9. it seems there is an experimental feature called "complex association" described in
https://docs.evolveum.com/midpoint/reference/support-4.9/resources/entitlements/
which promises such feature out of the box, I guess.
I appreciate any hint.
Thx a lot.
Petr Kulheim
Java developer
IBA CZ, s.r.o.
Radlická 751/113e, Praha 5
Office: Křenová 72, 602 00 Brno
Phone: +420 603272826
E-mail: petr.kulheim at ibacz.eu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20250414/8fd8b0dd/attachment.htm>
More information about the midPoint
mailing list