<div dir="ltr">Hello Pavol,<div><br></div><div>Employee role gives th user accounts in AD and GoogleApps. After he leaves company it is still desired to keep him in AD. So I made mappings which switches employee role with AD and GA accounts for ExEmployee role with only AD account.</div><div><br></div><div>---</div><div><br></div><div>Thanks for advice. I will try it and mail my results.</div><div><br></div><div>Best Regards,</div><div><br></div><div>Oskar</div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-06-30 15:27 GMT+02:00 Pavol Mederly <span dir="ltr"><<a href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    <p>Hello Oskar,</p>
    <p>I don't quite understand your situation.</p>
    <ol>
      <li>You create a user of 'employee' type and automatically assign
        him Employee role. OK.</li>
      <li>Then he leaves the company.</li>
      <li>You say that his account is cancelled by assigning
        ExpiredEmployee role.</li>
    </ol>
    <p>Why don't you simply unassign the Employee role?</p>
    <p>---</p>
    <p>But back to your question: you can simply check all directly
      assigned roles by iterating through user.getAssignment() objects
      (of AssignmentType), and selecting those with getTargetRef() !=
      null and getTargetRef().getType().equals(RoleType.COMPLEX_TYPE).</p>
    <p>Best regards,</p>
    <p>Pavol<br>
    </p><div><div class="h5">
    <br>
    <div>On 28.06.2016 15:15, Oskar Butovič -
      AMI Praha a.s. wrote:<br>
    </div>
    </div></div><blockquote type="cite"><div><div class="h5">
      <div dir="ltr">Hello All,
        <div><br>
        </div>
        <div>I am trying to check in mapping in user template wether the
          user has particular role.</div>
        <div><br>
        </div>
        <div>for example following scenario</div>
        <div>i create new user with identityType (extension parameter)
          employee. I wan to assign role Employee to users with this
          type.</div>
        <div>in some time employee leaves company and his account is
          cancelled by assigning expiredEmployee role</div>
        <div><br>
        </div>
        <div>i understand that so far it can be made by setting
          <authoritative>true</authoritative></div>
        <div><br clear="all">
          <div>but i also want for this role to be kept when user is
            editted ad his identity Type is no longer employee.</div>
          <div><br>
          </div>
          <div>this could be done with
            <authoritative>false</authoritative> but it then
            prevent prevoius scenario. If i would be able to check
            current roles of the user i could accomplish all required
            behaviour
            with <authoritative>true</authoritative>.</div>
          <div><br>
          </div>
          <div>Do you have any advice or code snippet how to resolve
            this problem?</div>
          <div><br>
          </div>
          <div>Regards</div>
          <div><br>
          </div>
          <div>Oskar Butovič</div>
          <div><br>
            -- </div>
          <div data-smartmail="gmail_signature">
            <div dir="ltr">
              <div>
                <div dir="ltr">
                  <div>
                    <div dir="ltr">
                      <div dir="ltr">
                        <table style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important">
                          <tbody>
                            <tr style="padding:0px;margin:0px;border:0px solid gray!important">
                              <td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;width:160px;vertical-align:bottom;padding:0px;border:0px solid gray!important">
                                <p><span style="font-size:14px;font-weight:bold">Oskar
                                    Butovič</span><br>
                                  solution architect<br>
                                  <br>
                                  gsm: <a href="tel:%5B%2B420%5D%20774%20480%20101" value="+420774480101" target="_blank">[+420] 774 480 101</a><br>
                                  e-mail: <a href="mailto:oskar.butovic@ami.cz" target="_blank">oskar.butovic@ami.cz</a></p>
                              </td>
                              <td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important">   </td>
                              <td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important">   </td>
                              <td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;width:123px;border:0px solid gray!important">
                                <p>AMI Praha a.s.<br>
                                  Pláničkova 11<br>
                                  162 00 Praha 6<br>
                                  tel.: <a href="tel:%5B%2B420%5D%20274%20783%20239" value="+420274783239" target="_blank">[+420] 274 783 239</a><br>
                                  web: <a href="http://www.ami.cz/" target="_blank">www.ami.cz</a></p>
                              </td>
                              <td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important">   </td>
                              <td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important">   </td>
                              <td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;margin:8px;width:116px;border:0px solid gray!important">
                                <p><img src="http://www.ami.cz/images/podpis/ami_logo.gif" alt="AMI Praha a.s." style="border:0px"></p>
                              </td>
                            </tr>
                            <tr style="padding:0px;margin:0px;border:0px solid gray!important">
                              <td colspan="7" style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;width:480px;border:0px solid gray!important"><br>
                                <a href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management" target="_blank"><img src="http://www.ami.cz/images/podpis/AMI-podpis-IdM_1.png" alt="AMI Praha a.s." style="border:0px;width:480px!important;min-height:82px!important"></a></td>
                            </tr>
                            <tr style="padding:0px;margin:0px;border:0px solid gray!important">
                              <td colspan="7" style="color:rgb(128,128,128);font-family:Arial,sans-serif;font-size:11px;padding:0px;border:0px solid gray!important"><br>
                                Textem tohoto e-mailu podepisující
                                neslibuje uzavřít ani neuzavírá za
                                společnost AMI Praha a.s.<br>
                                jakoukoliv smlouvu. Každá smlouva, pokud
                                bude uzavřena, musí mít výhradně
                                písemnou formu.<br>
                                <br>
                              </td>
                            </tr>
                          </tbody>
                        </table>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
      <br>
      <fieldset></fieldset>
      <br>
      </div></div><pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
    </blockquote>
    <br>
  </div>

<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><table style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important"><tbody><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;width:160px;vertical-align:bottom;padding:0px;border:0px solid gray!important"><p><span style="font-size:14px;font-weight:bold">Oskar Butovič</span><br>solution architect<br><br>gsm: [+420] 774 480 101<br>e-mail: <a href="mailto:oskar.butovic@ami.cz" target="_blank">oskar.butovic@ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important">   </td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important">   </td><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;width:123px;border:0px solid gray!important"><p>AMI Praha a.s.<br>Pláničkova 11<br>162 00 Praha 6<br>tel.: [+420] 274 783 239<br>web: <a href="http://www.ami.cz/" target="_blank">www.ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important">   </td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important">   </td><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;margin:8px;border:0px solid gray!important;width:116px"><p><img src="http://www.ami.cz/images/podpis/ami_logo.gif" alt="AMI Praha a.s." style="border:0px"></p></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="7" style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;width:480px;border:0px solid gray!important"><br><a href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management" target="_blank"><img src="http://www.ami.cz/images/podpis/AMI-podpis-IdM_1.png" alt="AMI Praha a.s." style="border:0px;width:480px!important;height:82px!important"></a></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="7" style="color:rgb(128,128,128);font-family:Arial,sans-serif;font-size:11px;padding:0px;border:0px solid gray!important"><br>Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za společnost AMI Praha a.s.<br>jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně písemnou formu.<br><br></td></tr></tbody></table></div></div></div></div></div></div></div>
</div>