[midPoint] Role Inducements via OrgType Archtype
Pilar von Pilchau Wenzel - AKDB
Pilar-von-Pilchau.Wenzel at akdb.de
Mon Jun 1 11:19:40 CEST 2026
Hi,
I have two questions.
First, I have an organizational structure, and I created an archtype for that. I assigned the archtype to each org unit. So, my basic structure looks like this:
*
TOP -> archtype
*
Level 1 -> archtype
*
Level 2 -> archtype
What I want to achieve is to assign a role "people lead" to a manager of an org unit. To achieve this, I created an inducement like this:
<inducement id="6">
<description>
Grant int:role:people_lead to any user who holds the org:manager relation to an org with this archetype.
</description>
<targetRef oid="b19672ea-66e0-45c2-8565-1715a4e6488f" relation="org:default" type="c:RoleType"/>
<orderConstraint id="9">
<relation>manager</relation>
</orderConstraint>
</inducement>
A manager of org unit: level2 gets an indirect assignment of the people lead role but in the UI I can see three source chains (one from every org unit).
I used this condition to have only one source chain (from level 2):
<condition>
<expression>
<script>
<code>
assignmentPath?.segments?.size() == 3 &&
assignment?.targetRef?.relation?.localPart == 'manager'
</code>
</script>
</expression>
</condition>
I wonder if this is the intended way or if I have some fundamental misunderstandings here?
My second question refers to parametric assignments.
In another org structure I want to assign roles with a parameter that is a reference to the org unit that assigns a role "Application User". I created an archtype again but as far as I noticed I can only use static values in the assignment parameters when using an inducement. I suppose I have to use focusMappings here (with assignmentTargetSearch and populateItem).
Is this the intended way?
Happy for any help here.
Best regards
Dr. Wenzel Pilar von Pilchau
Prozessanalyst
Process Management & Digitalisation
[Mobile] +49 162 2530060
[Email] Pilar-von-Pilchau.Wenzel at akdb.de<mailto:Pilar-von-Pilchau.Wenzel at akdb.de>
AKDB · Anstalt des öffentlichen Rechts
Hansastraße 12-16 · 80686 München
www.akdb.de<https://www.akdb.de/>
[AKDB Logo]
[Great Place to Work Certified]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20260601/828f2348/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-Mobile.png
Type: image/png
Size: 404 bytes
Desc: Outlook-Mobile.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20260601/828f2348/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-Email.png
Type: image/png
Size: 924 bytes
Desc: Outlook-Email.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20260601/828f2348/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-AKDB Logo.png
Type: image/png
Size: 3456 bytes
Desc: Outlook-AKDB Logo.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20260601/828f2348/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-Great Plac.png
Type: image/png
Size: 72182 bytes
Desc: Outlook-Great Plac.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20260601/828f2348/attachment-0007.png>
More information about the midPoint
mailing list