<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"Стандартный HTML Знак";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTML
{mso-style-name:"Стандартный HTML Знак";
mso-style-priority:99;
mso-style-link:"Стандартный HTML";
font-family:Consolas;
color:black;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:2.0cm 42.5pt 2.0cm 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="RU" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Sorry, I didn’t catch what exactly would be feasible? Hundreds of mappings in object template or mappings in roles? In
the latter case is there going to be a mapping inside a role or anything else? What about dynamic assignment target search based on attribute value in object templates? However, there will be a problem: how do we determine when an object (user) fulfils a condition
and when he doesn’t. <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:#1F497D">Ilya Dorofeev<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"> midPoint [mailto:midpoint-bounces@lists.evolveum.com]
<b>On Behalf Of </b>Radovan Semancik<br>
<b>Sent:</b> Thursday, March 17, 2016 11:34 AM<br>
<b>To:</b> midpoint@lists.evolveum.com<br>
<b>Subject:</b> Re: [midPoint] Dynamic Role Assignment<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">That's right.<br>
<br>
Our conclusion is that this would be feasible. There is probably very slight performance hit, but it is more than justified by the benefits in manageability and flexibility. I like this idea.<br>
<br>
However, the part of midPoint roadmap that Evolveum is sponsoring is currently full. Therefore the only practical way how to get this feature in a near future is to sponsor it or develop it yourself.<br>
<br>
<br>
<o:p></o:p></p>
<pre>-- <o:p></o:p></pre>
<pre>Radovan Semancik<o:p></o:p></pre>
<pre>Software Architect<o:p></o:p></pre>
<pre>evolveum.com<o:p></o:p></pre>
<p class="MsoNormal"><br>
<br>
<br>
On 03/16/2016 05:37 PM, Ivan Noris wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">I have not found the issue in JIRA, but I remember we were discussing it at the start of December 2015.<br>
Anyway I've created <a href="https://jira.evolveum.com/browse/MID-2840">https://jira.evolveum.com/browse/MID-2840</a> to track the feature.<br>
<br>
To increase the priority of the implementation, the usual options are: <a href="https://wiki.evolveum.com/display/midPoint/I+Need+New+Feature">
https://wiki.evolveum.com/display/midPoint/I+Need+New+Feature</a> <o:p></o:p></p>
<div>
<p class="MsoNormal"><br>
Best regards,<br>
Ivan<br>
<br>
On 03/16/2016 04:19 PM, Дорофеев Илья wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Hi Ivan,</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">What if I have plenty of employee types (say, 100) in my trusted identity source? Do I have to create a hundred of mappings
in object template in order to assign a corresponding role for each employeeType? I anticipate the performance of clockwork will suffer in such a case.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt">__________________________</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt">Ilya Dorofeev</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> midPoint [<a href="mailto:midpoint-bounces@lists.evolveum.com">mailto:midpoint-bounces@lists.evolveum.com</a>]
<b>On Behalf Of </b>Ivan Noris<br>
<b>Sent:</b> Saturday, March 12, 2016 8:31 PM<br>
<b>To:</b> midPoint General Discussion <a href="mailto:midpoint@lists.evolveum.com">
<midpoint@lists.evolveum.com></a><br>
<b>Subject:</b> Re: [midPoint] Dynamic Role Assignment</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<div>
<p class="MsoNormal">Hi Gauri,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">this is easily possible using Object Templates.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Please refer to one or our samples for example:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><a href="https://github.com/Evolveum/midpoint/blob/master/samples/objects/user-template-complex.xml">https://github.com/Evolveum/midpoint/blob/master/samples/objects/user-template-complex.xml</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <!-- RB-RBAC functionality. The Pirate role is automatically assigned based on the value of employeeType property
<span lang="EN-US">--><br>
<mapping><br>
<source><br>
<path>employeeType</path><br>
</source><br>
<expression><br>
<value><br>
<assignment><br>
<targetRef oid="12345678-d34d-b33f-f00d-987987987988" type="RoleType"/><br>
</assignment><br>
</value> <br>
</expression><br>
<target><br>
<path>assignment</path><br>
</target><br>
<condition><br>
<script><br>
<language></span><a href="http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy%3C/language"><span lang="EN-US">http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language</span></a><span lang="EN-US">><br>
<code>employeeType == 'PIRATE'</code><br>
</script><br>
</condition><br>
</mapping></span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Regards,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Ivan<o:p></o:p></p>
</div>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="2" width="100%" align="center">
</div>
<blockquote style="border:none;border-left:solid #1010FF 1.5pt;padding:0cm 0cm 0cm 4.0pt;margin-left:3.75pt;margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><b><span lang="EN-US" style="font-family:"Helvetica",sans-serif">From:
</span></b><span lang="EN-US" style="font-family:"Helvetica",sans-serif">"GAURI SHIRSATH" <</span><span style="font-family:"Helvetica",sans-serif"><a href="mailto:gauri15.shirsath@gmail.com">gauri15.shirsath@gmail.com</a></span><span lang="EN-US" style="font-family:"Helvetica",sans-serif">><br>
<b>To: </b></span><span style="font-family:"Helvetica",sans-serif"><a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a></span><span lang="EN-US" style="font-family:"Helvetica",sans-serif"><br>
<b>Sent: </b>Saturday, March 12, 2016 8:14:01 AM<br>
<b>Subject: </b>[midPoint] Dynamic Role Assignment</span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Helvetica",sans-serif"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Helvetica",sans-serif">Hi,</span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Helvetica",sans-serif"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Helvetica",sans-serif">Can you please guide me for how to assign a role to user dynamically based on some attribute value?</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Helvetica",sans-serif"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Helvetica",sans-serif">Like, if my data is coming in to midpoint from CSV file and I want to assign a user role based on some attribute value.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Helvetica",sans-serif"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Helvetica",sans-serif"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Helvetica",sans-serif">Thank you,</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.5pt;font-family:"Helvetica",sans-serif">Gauri</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><span style="font-family:"Helvetica",sans-serif"><br>
</span><span lang="EN-US" style="font-family:"Helvetica",sans-serif">_______________________________________________<br>
midPoint mailing list<br>
</span><span style="font-family:"Helvetica",sans-serif"><a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a></span><span lang="EN-US" style="font-family:"Helvetica",sans-serif"><br>
</span><span style="font-family:"Helvetica",sans-serif"><a href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a></span><o:p></o:p></p>
</blockquote>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-US"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">-- <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> Ing. Ivan Noris<br>
Senior Identity Management Engineer & IDM Architect<br>
evolveum.com evolveum.com/blog/<br>
___________________________________________________<br>
"Semper ID(e)M Vix."<br>
<br>
<br>
<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><br>
<br>
<br>
<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>midPoint mailing list<o:p></o:p></pre>
<pre><a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><o:p></o:p></pre>
<pre><a href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<pre>-- <o:p></o:p></pre>
<pre> Ing. Ivan Noris<o:p></o:p></pre>
<pre> Senior Identity Management Engineer & IDM Architect<o:p></o:p></pre>
<pre> evolveum.com evolveum.com/blog/<o:p></o:p></pre>
<pre> ___________________________________________________<o:p></o:p></pre>
<pre> "Semper ID(e)M Vix."<o:p></o:p></pre>
<p class="MsoNormal"><br>
<br>
<br>
<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>midPoint mailing list<o:p></o:p></pre>
<pre><a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><o:p></o:p></pre>
<pre><a href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
</div>
</body>
</html>