[midPoint] Association construction for multi-account resources
Om Bhallamudi
om.bhallamudi at proton.ch
Tue Jun 3 16:00:49 CEST 2025
Hi Pavol,
On Tuesday, 3 June 2025 at 13:58, Pavol Mederly via midPoint <midpoint at lists.evolveum.com> wrote:
> I am quite surprised you have different tags for groups. Usually, they are used for accounts. What is your use case?
Thanks for clearing that up. I am using tags for the accounts, but want to assign different entitlements to the accounts:
- Accounts: account-1 (tag: abc), account-2 (tag: gpo)
- Roles:
- abc-account:
- Construct account with tag "abc-account"
- gpo-account
- Construct account with tag "gpo-account"
- ent-1:
- Construct entitlement ent-1 on resource
- Inducement: Associate account with tag: abc with ent-1
- ent-2:
- Construct entitlement ent-2 on resource
- Inducement: Associate account with tag: gpo with ent-2
- Expected output
- Accounts:
- account-1, attributes: entitlements = [ "ent-1"]
- account-2, attributes: entitlements = [ "ent-2"]
- Entitlements:
- ent-1
- ent-2
FYI I am using tags for (abc, gpo) and not intents because I'd like the values to be dynamic..
Om Bhallamudi
Proton AG
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20250603/0a5a3e0a/attachment.htm>
More information about the midPoint
mailing list