<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi,</p>
<p>there might be a way how to do this in object template, but it
could be complicated.<br>
</p>
<p>I would probably try metarole instead:</p>
<p>1. all organizations should have a metarole assigned (not
induced)<br>
</p>
<p>2. roles STUDENT and TEACHER will be defined by you to do
whatever needed for users<br>
</p>
<p>3. the metarole would have two order=2 inducements for users
which have the organization assigned. One of the inducement would
induce the STUDENT role if the assignment parameter metaRelation
for "this" organization is STUDENT. The other would assign the
TEACHER role if the assignment parameter for "this" organization
is TEACHER. The inducements would be indirect, i.e. you would not
see the STUDENT/TEACHER role assigned in user's Assignments tab <b>(this
may or may not be a problem for you)</b>.<br>
</p>
<p>Technically it would mean that one person with 20 organizations
assigned as TEACHER would end with 20 assignments of the same role
TEACHER, but I believe that midPoint will "normalize" this and
only one role TEACHER would be assigned in real.</p>
<p>The metarole should look similar to this (untested):</p>
<p><role ...></p>
<p> <name>Teacher/Student Org Metarole</name></p>
<p> <inducement><br>
<targetRef oid="00000000-dc00-dc00-0004-000000000078"
type="c:RoleType"><!-- STUDENT --></targetRef></p>
<p> <condition><br>
<source><br>
<path>$focusAssignment/xyz:metaRelation</path><!--
xyz is your namespace --><br>
</source><br>
<expression><br>
<script><br>
<code>metaRelation ==
'STUDENT'</code><br>
</script><br>
</expression><br>
</condition></p>
<p> <focusType>c:UserType</focusType><!-- to
apply only to users even if organization is assigned to another
organization --><br>
</p>
<p> <order>2</order><!-- to apply to users
which have the organization assigned --><br>
</p>
<p> </inducement><br>
</p>
<p> <inducement><br>
<targetRef oid="00000000-dc00-dc00-0004-000000000111"
type="c:RoleType"><!-- TEACHER --></targetRef></p>
<p> <condition><br>
<source><br>
<path>$focusAssignment/xyz:metaRelation</path><!--
xyz your namespace --><br>
</source><br>
<expression><br>
<script><br>
<code>metaRelation ==
'TEACHER'</code><br>
</script><br>
</expression><br>
</condition></p>
<p> <focusType>c:UserType</focusType></p>
<p> <order>2</order><br>
</p>
<p> </inducement><br>
</role></p>
<p>I hope I'm correct. I have done similar stuff, but not this
specific one.</p>
<p>Regards,</p>
<p>Ivan<br>
</p>
<div class="moz-cite-prefix">On 11/18/2016 06:44 PM, Martin Marchese
wrote:<br>
</div>
<blockquote
cite="mid:CAG3rmdpejpo0xZLOyE-0ad2VcoEZ4VHViRACz_KxzH92doJMTg@mail.gmail.com"
type="cite">
<div dir="ltr">Hi Ivan thanks for your answer,
<div><br>
</div>
<div>Yes that's correct, they should be assigned without any
parameters based on the org assignment types.</div>
<div><br>
</div>
<div>Regards</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr"><b><span></span><span></span>Ing.
Martín Marchese</b><br>
<img moz-do-not-send="true"
src="http://www.identicum.com/img/favicon.ico">Identicum
S.A.<br>
Jorge Newbery 3226<br>
Tel: +54 (11) 4552-3050<br>
<a moz-do-not-send="true"
href="mailto:mmarchese@identicum.com"
target="_blank">mmarchese@identicum.com</a><br>
<a moz-do-not-send="true"
href="http://www.identicum.com"
target="_blank">www.identicum.com</a></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On Fri, Nov 18, 2016 at 12:34 PM, Ivan
Noris <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>Hi Martin,</p>
<p>the STUDENT and TEACHER roles are "static" in means of
assignment parameters? They are (should be) just
assigned without any parameters whenever used has any
org with STUDENT-type assignment or any role with
TEACHER-type assignment?</p>
<p><br>
</p>
Ivan
<div>
<div class="h5"><br>
<br>
<div class="m_-3711948596778577785moz-cite-prefix">On
11/16/2016 08:37 PM, Martin Marchese wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div class="h5">
<div dir="ltr">Hi All,
<div><br>
</div>
<div>We had our AssignmentType extended with a
"metaRelation" extension property.</div>
<div><br>
</div>
<div>Users are assigned to an OrgType</div>
<div><br>
</div>
<div>Our OrgType represent schools and within this
"metaRelation" property, we store wether the
assigned user is a STUDENT or a TEACHER.</div>
<div><br>
</div>
<div>Besides, we have 2 Roles (STUDENT and TEACHER
roles).</div>
<div><br>
</div>
<div>We would like to use our user template to
assign the corresponding role to the user based
on shich "metaRelation" it has within the Org.</div>
<div><br>
</div>
<div>Users could be STUDENT and/or TEACHER on more
than one Org, so while the user has at least one
of this assignments, it needs to have the
corresponding role assigned.</div>
<div><br>
</div>
<div>We are thinking if there's a way to query the
user Org assignments within the template and use
it as source for the target role assignment.</div>
<div><br>
</div>
<div>Is this the best/correct way to do it? Do you
recommend any other way?</div>
<div><br>
</div>
<div>Thanks in Advance</div>
<div>Regards,</div>
<div><br clear="all">
<div>
<div
class="m_-3711948596778577785gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr"><b><span></span><span></span>Ing.
Martín Marchese</b><br>
<img
moz-do-not-send="true"
src="http://www.identicum.com/img/favicon.ico">Identicum
S.A.<br>
Jorge Newbery 3226<br>
Tel: +54 (11) 4552-3050<br>
<a moz-do-not-send="true"
href="mailto:mmarchese@identicum.com" target="_blank">mmarchese@identicum.com</a><br>
<a moz-do-not-send="true"
href="http://www.identicum.com" target="_blank">www.identicum.com</a></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset
class="m_-3711948596778577785mimeAttachmentHeader"></fieldset>
<br>
</div>
</div>
<pre>______________________________<wbr>_________________
midPoint mailing list
<a moz-do-not-send="true" class="m_-3711948596778577785moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" class="m_-3711948596778577785moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><span class="HOEnZb"><font color="#888888">
</font></span></pre><span class="HOEnZb"><font color="#888888">
</font></span></blockquote><span class="HOEnZb"><font color="#888888">
<pre class="m_-3711948596778577785moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
<a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre>
</font></span></div>
______________________________<wbr>_________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a>
</blockquote></div>
</div>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre></body></html>