[midPoint] Inheritance of Roles assigned to Org Structure
Patrik Sidler
patrik.sidler at itconcepts.ch
Fri Feb 7 09:51:31 CET 2025
Hi Community,
I am building my Org-Tree by importing Name, ID, Manager and ParentID from a CSV File.
During import, my Org-ObjectTemplate is used to build the Tree (Parent-Child), assign the Manager to each Org and assign my Org ArcheType.
Now we would assign Roles to Orgs in different places in this Org-Tree, and those roles must be applied to all Users in this particular Org and also to all Users that are members of any Org that is below this current Org.
For example, when I assign Role-A to the top Org of our Org Tree, I want all Employees that are members of any of the Orgs below to also get Role-A assigned.
Based on the documentation: https://docs.evolveum.com/midpoint/reference/master/roles-policies/assignment/parentorgref-and-assignments/
I have tried to achieve this by adding a mapping to my Org-ObjectTemplate that creates an inducement of the ParentOrg to every Org, but in the end my Org-Tree was a big mess.
Here is the Mapping that I have added to my OrgObjectTemplate:
<mapping>
    <name>Parent Child Mapping for Inducement</name>
    <authoritative>true</authoritative>
    <strength>strong</strength>
    <source>
        <path>extension/parentId</path>
    </source>
    <source>
        <path>name</path>
    </source>
    <expression>
        <assignmentTargetSearch>
            <targetType>c:OrgType</targetType>
            <filter>
                <q:equal>
                    <q:path>c:name</q:path>
                    <expression>
                        <script>
                            <code>
                                parent = parentId
                                if (!parent) {
                                    return "1"
                                } else {
                                    return parent
                                }
                            </code>
                        </script>
                    </expression>
                </q:equal>
            </filter>
        </assignmentTargetSearch>
    </expression>
    <target>
        <path>inducement</path>
    </target>
</mapping>
Thank you in advance for help or ideas how to proceed with this.
Regards,
Patrik