<div dir="ltr">Hello Pavol,<div><br></div><div>Employee role gives th user accounts in AD and GoogleApps. After he leaves company it is still desired to keep him in AD. So I made mappings which switches employee role with AD and GA accounts for ExEmployee role with only AD account.</div><div><br></div><div>---</div><div><br></div><div>Thanks for advice. I will try it and mail my results.</div><div><br></div><div>Best Regards,</div><div><br></div><div>Oskar</div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-06-30 15:27 GMT+02:00 Pavol Mederly <span dir="ltr"><<a href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>Hello Oskar,</p>
<p>I don't quite understand your situation.</p>
<ol>
<li>You create a user of 'employee' type and automatically assign
him Employee role. OK.</li>
<li>Then he leaves the company.</li>
<li>You say that his account is cancelled by assigning
ExpiredEmployee role.</li>
</ol>
<p>Why don't you simply unassign the Employee role?</p>
<p>---</p>
<p>But back to your question: you can simply check all directly
assigned roles by iterating through user.getAssignment() objects
(of AssignmentType), and selecting those with getTargetRef() !=
null and getTargetRef().getType().equals(RoleType.COMPLEX_TYPE).</p>
<p>Best regards,</p>
<p>Pavol<br>
</p><div><div class="h5">
<br>
<div>On 28.06.2016 15:15, Oskar Butovič -
AMI Praha a.s. wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="h5">
<div dir="ltr">Hello All,
<div><br>
</div>
<div>I am trying to check in mapping in user template wether the
user has particular role.</div>
<div><br>
</div>
<div>for example following scenario</div>
<div>i create new user with identityType (extension parameter)
employee. I wan to assign role Employee to users with this
type.</div>
<div>in some time employee leaves company and his account is
cancelled by assigning expiredEmployee role</div>
<div><br>
</div>
<div>i understand that so far it can be made by setting
<authoritative>true</authoritative></div>
<div><br clear="all">
<div>but i also want for this role to be kept when user is
editted ad his identity Type is no longer employee.</div>
<div><br>
</div>
<div>this could be done with
<authoritative>false</authoritative> but it then
prevent prevoius scenario. If i would be able to check
current roles of the user i could accomplish all required
behaviour
with <authoritative>true</authoritative>.</div>
<div><br>
</div>
<div>Do you have any advice or code snippet how to resolve
this problem?</div>
<div><br>
</div>
<div>Regards</div>
<div><br>
</div>
<div>Oskar Butovič</div>
<div><br>
-- </div>
<div data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<table style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important">
<tbody>
<tr style="padding:0px;margin:0px;border:0px solid gray!important">
<td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;width:160px;vertical-align:bottom;padding:0px;border:0px solid gray!important">
<p><span style="font-size:14px;font-weight:bold">Oskar
Butovič</span><br>
solution architect<br>
<br>
gsm: <a href="tel:%5B%2B420%5D%20774%20480%20101" value="+420774480101" target="_blank">[+420] 774 480 101</a><br>
e-mail: <a href="mailto:oskar.butovic@ami.cz" target="_blank">oskar.butovic@ami.cz</a></p>
</td>
<td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important"> </td>
<td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important"> </td>
<td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;width:123px;border:0px solid gray!important">
<p>AMI Praha a.s.<br>
Pláničkova 11<br>
162 00 Praha 6<br>
tel.: <a href="tel:%5B%2B420%5D%20274%20783%20239" value="+420274783239" target="_blank">[+420] 274 783 239</a><br>
web: <a href="http://www.ami.cz/" target="_blank">www.ami.cz</a></p>
</td>
<td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important"> </td>
<td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important"> </td>
<td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;margin:8px;width:116px;border:0px solid gray!important">
<p><img src="http://www.ami.cz/images/podpis/ami_logo.gif" alt="AMI Praha a.s." style="border:0px"></p>
</td>
</tr>
<tr style="padding:0px;margin:0px;border:0px solid gray!important">
<td colspan="7" style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;width:480px;border:0px solid gray!important"><br>
<a href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management" target="_blank"><img src="http://www.ami.cz/images/podpis/AMI-podpis-IdM_1.png" alt="AMI Praha a.s." style="border:0px;width:480px!important;min-height:82px!important"></a></td>
</tr>
<tr style="padding:0px;margin:0px;border:0px solid gray!important">
<td colspan="7" style="color:rgb(128,128,128);font-family:Arial,sans-serif;font-size:11px;padding:0px;border:0px solid gray!important"><br>
Textem tohoto e-mailu podepisující
neslibuje uzavřít ani neuzavírá za
společnost AMI Praha a.s.<br>
jakoukoliv smlouvu. Každá smlouva, pokud
bude uzavřena, musí mít výhradně
písemnou formu.<br>
<br>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><table style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important"><tbody><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;width:160px;vertical-align:bottom;padding:0px;border:0px solid gray!important"><p><span style="font-size:14px;font-weight:bold">Oskar Butovič</span><br>solution architect<br><br>gsm: [+420] 774 480 101<br>e-mail: <a href="mailto:oskar.butovic@ami.cz" target="_blank">oskar.butovic@ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important"> </td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important"> </td><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;width:123px;border:0px solid gray!important"><p>AMI Praha a.s.<br>Pláničkova 11<br>162 00 Praha 6<br>tel.: [+420] 274 783 239<br>web: <a href="http://www.ami.cz/" target="_blank">www.ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important"> </td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important"> </td><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;margin:8px;border:0px solid gray!important;width:116px"><p><img src="http://www.ami.cz/images/podpis/ami_logo.gif" alt="AMI Praha a.s." style="border:0px"></p></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="7" style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;width:480px;border:0px solid gray!important"><br><a href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management" target="_blank"><img src="http://www.ami.cz/images/podpis/AMI-podpis-IdM_1.png" alt="AMI Praha a.s." style="border:0px;width:480px!important;height:82px!important"></a></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="7" style="color:rgb(128,128,128);font-family:Arial,sans-serif;font-size:11px;padding:0px;border:0px solid gray!important"><br>Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za společnost AMI Praha a.s.<br>jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně písemnou formu.<br><br></td></tr></tbody></table></div></div></div></div></div></div></div>
</div>