<div dir="ltr">Hi Ivan<div><br></div><div>Thanks for the information, I will try this, between you have mentioned that <span style="font-family:arial,sans-serif;font-size:13px">doing this on a role level is not i</span>mplemented yet in GUI but is there any API which can do this?</div><div><br></div><div>I was thinking to write a client which can perform this operation for specific role.</div><div><br></div><div><br></div><div><br></div><div>Regards</div><div>Dharmendra</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 26, 2014 at 2:13 PM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Hi Dharmendra,<br>
<br>
GUI part for doing this on a role level is planned, not implemented
yet.<br>
<br>
It is however possible with User Recomputation Task. The task
(without any query conditions) can be created from Server Tasks -
New Task menu. It will process all user and recompute them. The task
can be scheduled, e.g. to run once a day.<br>
<br>
You can also create User Recomputation Task with conditions/query,
if you want to recompute only users with some role assigned. Be
adwised this currently works only if the role is assigned directly,
not as a subrole of other role:<br>
<br>
<task<br>
xmlns=<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a><br>
xmlns:xsi=<a href="http://www.w3.org/2001/XMLSchema-instance" target="_blank">"http://www.w3.org/2001/XMLSchema-instance"</a><br>
xmlns:xsd=<a href="http://www.w3.org/2001/XMLSchema" target="_blank">"http://www.w3.org/2001/XMLSchema"</a>><br>
<br>
<name>User Recompute - having role <b>00000000-0000-0000-0000-000000000008</b></name><br>
<extension
xmlns:q=<a href="http://prism.evolveum.com/xml/ns/public/query-3" target="_blank">"http://prism.evolveum.com/xml/ns/public/query-3"</a>><br>
<mext:objectQuery
xmlns:mext=<a href="http://midpoint.evolveum.com/xml/ns/public/model/extension-3" target="_blank">"http://midpoint.evolveum.com/xml/ns/public/model/extension-3"</a>><br>
<q:filter><br>
<q:ref>
<br>
<q:path>assignment/targetRef</q:path>
<br>
<q:value>
<br>
<oid><b>00000000-0000-0000-0000-000000000008</b></oid>
<br>
<type>RoleType</type>
<br>
</q:value>
<br>
</q:ref><br>
</q:filter><br>
</mext:objectQuery><br>
</extension><br>
<ownerRef oid="00000000-0000-0000-0000-000000000002"/><br>
<executionStatus>runnable</executionStatus><br>
<handlerUri><a href="http://midpoint.evolveum.com/xml/ns/public/model/synchronization/task/recompute/handler-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/synchronization/task/recompute/handler-3</a></handlerUri><br>
<recurrence>single</recurrence><br>
<binding>tight</binding><br>
</task><br>
<br>
Replace the <oid>..</oid> with the oid of the role you
wish to recompute and import this task using Configuration - Import
object - Embedded editor - paste this example. The task will execute
immediately.<br>
<br>
NB: the ..00008 oid je End User role, I've tested if the task is
importable. It is.<br>
<br>
Regards,<br>
Ivan<div><div class="h5"><br>
<br>
<div>On 11/26/2014 08:04 AM, dharmendra
parakh wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi Ivan/ Pavol
<div><br>
</div>
<div>Thanks for the information, i tried it and it works well.
but rather than doing it at user level i would like to do it
at role level.</div>
<div><br>
</div>
<div>For example:</div>
<div>- I change a role definition - added an additional group
assignment </div>
<div>- Now i want to propagate this change to all the member
users.</div>
<div>- If i go and do this at user level it is not scalable.</div>
<div><br>
</div>
<div>So is there any way where we can say recompute all the user
accounts affected by the change in role definition?</div>
<div><br>
</div>
<div>Regards</div>
<div>Dharmendra</div>
<div>
<div><br>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Nov 25, 2014 at 7:49 PM, Ivan
Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hi,<span><br>
<br>
<div><br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi
<div><br>
</div>
<div>- How can we recompute the account?</div>
<div>- Yes, after changing the role newly members
get correct groups.</div>
<div><br>
</div>
</div>
</blockquote>
<br>
</span> For one single user, it should be sufficient to:<br>
- go to Users<br>
- find your user<br>
- click the "wheel" icon in the user line and select
"Reconcile"<br>
<br>
The same should be possible for multiple selected users,
using the "wheel" icon in the user list header (the same
option "Reconcile").<br>
<br>
Be adwised, all roles assigned to selected user(s) will be
recomputed.<br>
<br>
Regards,<br>
Ivan
<div>
<div><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div>Regards</div>
<div>Dharmendra</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Nov 25, 2014 at
7:01 PM, Pavol Mederly <span dir="ltr"><<a href="mailto:pavol.mederly@gmail.com" target="_blank">pavol.mederly@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Dharmendra,<br>
<br>
after changing the role, user accounts
have to be recomputed for the change to be
applied onto the resource.<br>
<br>
A quick check: if you create a new user
and assign him this modified role, is the
group membership OK for the newly created
account?<br>
<br>
Best regards,<br>
Pavol <br>
<div>
<div> <br>
On 25. 11. 2014 12:14, dharmendra
parakh wrote:<br>
</div>
</div>
</div>
<div>
<div>
<blockquote type="cite">
<div dir="ltr">Hi
<div><br>
</div>
<div>Thanks for the information, I
didn't get chance to go through
these documents but i will look
into this for sure. </div>
<div>What i understand is i can not
modify the groups assigned as role
inducement from GUI.</div>
<div><br>
</div>
<div>I tried changing the groups
from xml but then this change is
not enforced to member users
account. I need it for my project
for which i am evaluating
midpoint, how can i do that?</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks</div>
<div>Dharmendra</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Sun, Nov
23, 2014 at 2:32 AM, Pavol Mederly
<span dir="ltr"><<a href="mailto:pavol.mederly@gmail.com" target="_blank">pavol.mederly@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Dharmendra,<br>
<br>
thank you for the
explanation.<br>
<br>
Currently, GUI allows only
to change "regular"
attributes of induced
accounts (directly when
creating the inducement, or
later when editing it by
clicking on "Show empty"
button and changing what you
need*).<br>
<br>
If you want to work with
associations, you have to
write it in XML, e.g. via <b>Con</b><b>figuration->Repository
objects</b> page.<br>
<br>
For an example, please see
e.g. <a href="https://wiki.evolveum.com/display/midPoint/Assignment+Configuration#AssignmentConfiguration-EntitlementAssociations" target="_blank">https://wiki.evolveum.com/display/midPoint/Assignment+Configuration#AssignmentConfiguration-EntitlementAssociations</a>.<br>
<br>
But before trying that, I
would strongly recommend
reading about the concept of
entitlements, starting here:<br>
<a href="https://wiki.evolveum.com/display/midPoint/Entitlements" target="_blank">https://wiki.evolveum.com/display/midPoint/Entitlements</a><br>
and then about assignments:
<a href="https://wiki.evolveum.com/display/midPoint/Assignment" target="_blank">https://wiki.evolveum.com/display/midPoint/Assignment</a><br>
and <a href="https://wiki.evolveum.com/display/midPoint/Assignment+Configuration" target="_blank">https://wiki.evolveum.com/display/midPoint/Assignment+Configuration</a><br>
<br>
Anyway, if you would have
any questions, we're here to
help.<br>
<br>
Best regards,<br>
Pavol<br>
<br>
(*) Due to a bug in GUI,
attribute changes are
applied, but are not shown
back in GUI. But they can be
seen via Repository objects
page. Hope we'll fix that
soon.<br>
---
<div>
<div><br>
On 22. 11. 2014 19:50,
dharmendra parakh wrote:<br>
</div>
</div>
</div>
<div>
<div>
<blockquote type="cite">
<div dir="ltr">Hi <span style="font-family:arial,sans-serif;font-size:13px">Pavol</span>
<div><span style="font-family:arial,sans-serif;font-size:13px"><br>
</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px">What
i have done is
pretty straight
forward, I have
configured a role
to induce an ldap
resource using GUI
(PFA).</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px"><br>
</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px">So
as per my
understanding when
i add this
resource to role
inducement all the
role members will
get this resource
provisioned, I
have tested this
and it is working
very well.</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px"><br>
</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px">Now
i want to change
the resource data
which i provided
while adding this
resource
inducement to role
for example
container or group
assignment
information. I am
not sure how can i
do this.</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px"><br>
</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px"><br>
</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px">Thanks!</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px">Dharmendra</span></div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On
Sat, Nov 22, 2014 at
10:52 PM, Pavol
Mederly <span dir="ltr"><<a href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hello
Dharmendra,<br>
<br>
I'm not sure
what exactly
you have done
and what you
would like to
achieve.<br>
<br>
You've created
a role and
configured it
to induce an
LDAP resource.
Did you do
this using a
GUI or via
XML? <br>
If via GUI,
please send
here a
screenshot
what have you
done and what
you want to
achieve.<br>
If via XML,
please do the
same (sending
here
appropriate
pieces of your
XML
configuration).<br>
<br>
Best regards,<br>
Pavol Mederly
<div>
<div><br>
<br>
On 22. 11.
2014 11:33,
dharmendra
parakh wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">Hi
Everyone
<div><br>
</div>
<div>I just
downloaded and
started
learning
midpoint for
my personal
learning
purpose. I
really liked
it and I am
very excited
to learn using
it.</div>
<div><br>
</div>
<div>I have a
question about
inducements in
midpoint.</div>
<div><br>
</div>
<div>I have
created a role
and configured
it to induce a
ldap resource
with some ldap
groups. Now I
want to change
the configured
groups/resource
information
but i could
not find the
way to do it.</div>
<div><br>
</div>
<div>Can you
help me doing
this or there
is no such
implementation
in midpoint
currently.</div>
<div>Please
help me with
this let me
know if you
need more
information on
this.</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks</div>
<div>Dharmendra
Parakh</div>
<div><a href="tel:%2B91-9730648544" value="+919730648544" target="_blank">+91-9730648544</a></div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
<br>
_______________________________________________<br>
midPoint mailing
list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
</div>
<span><font color="#888888">
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
_____________________________________________
"Semper Id(e)M Vix."
</pre>
</font></span></div>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
_____________________________________________
"Semper Id(e)M Vix."
</pre>
</div></div></div>
<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>