<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi Nicolas,</p>
<p>I have tried to find some time in the evenings to look for the
problem.</p>
<p>The first alternative - ScriptedSQL-Grupo1.xml looks pretty much
the same as my roles in one of my projects. If I understand correctly,
you've stated that "It works fine (entitlement is provisioned) but
we cannot see this assignment on the GUI." What do you mean by
"seeing" it? You should see that the user has this association (Grupo
1) in Projections/the scriptedsql account/associations part. And
of course in Assignments you should see the "ScriptedSQL-Grupo 1"
role assigned.</p>
<p>If you cannot see the "associations" part in the GUI with "Grupo 1"
value, can you ensure that the value is really there manually in
the target system and read that user again using midPoint? But as
you stated that this alternative "works (entitlement is
provisioned)", I'm confused.<br>
</p>
<p>What surprised me is the name of the association attribute
"&lt;ref&gt;ri:GroupObjectClass&lt;/ref&gt;" used in inducements.
Do you have the same name configured in the resource object in:</p>
<p> &lt;association&gt;</p>
<p> &lt;ref&gt;ri:GroupObjectClass&lt;/ref&gt;</p>
<p>...</p>
<p>&lt;/association&gt; ? If yes, it's just the name which confuses
me.</p>
<p>The alternative ScriptedSQL-Grupo 3 using ScriptedSQL-MetaRole
also looks OK to me. I'm trying to find a similar example, but so
far I don't remember any usage of association using
associationFromLink with another association in my projects.<br>
</p>
Also ScriptedSQL-Metarole-3.xml looks fine.<br>
Are you testing the setup on new users and assigning roles, or do you
already have the (former) roles assigned and after that you change
the role definitions? (In the latter case I assume you also did a
recompute of that user to apply the changed role definitions.)<br>
<br>
Anyway, the assignment of ScriptedSQL-Grupo 1 (no metarole) should
work and be displayed in Assignments (as role) and in Projections as
association (Grupo 1).<br>
<br>
I hope some of my colleagues will also have a good hint; for now I'm
out of ideas but I will try to find some new ones.<br>
<br>
Best regards,<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 11/29/2016 01:06 PM, Nicolas Rossi
wrote:<br>
</div>
<blockquote
cite="mid:CAAxX8cgYrqasn--e_f7yUSdqKZOd4DKGKHdTCVXo-YcAryM41Q@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:#444444">Hi
Ivan, have you seen something wrong with these configurations?</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:#444444"><br>
</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:#444444">Best
regards </div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:#444444"><br>
</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:#444444"><br>
</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr"><font
face="arial, helvetica,
sans-serif"><br>
<br>
<font color="#444444">Ing
Nicolás Rossi</font><br>
<font color="#999999">Identicum
S.A.</font><br>
<font color="#999999">Jorge
Newbery 3226</font><br>
<font color="#999999">Tel:
+54 (11) 4552-3050</font><br>
<font color="#999999"><a
moz-do-not-send="true"
href="http://www.identicum.com"
target="_blank">www.identicum.com</a></font></font><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On Fri, Nov 25, 2016 at 12:56 PM,
Nicolas Rossi <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:nrossi@identicum.com" target="_blank">nrossi@identicum.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">Hi
Ivan, here are the XMLs:</div>
<div class="gmail_default">
<ul>
<li><font color="#444444" face="arial, helvetica,
sans-serif">ScriptedSQL-Grupo1.xml: A role with an
association to an entitlement</font></li>
<li><font color="#444444" face="arial, helvetica,
sans-serif">ScriptedSQL-Grupo3.xml: A role with an
assignment to a MetaRole</font></li>
<li><font color="#444444" face="arial, helvetica,
sans-serif">ScriptedSQL-MetaRole-1.xml: First
alternative with another assignment</font></li>
<li><font color="#444444" face="arial, helvetica,
sans-serif">ScriptedSQL-MetaRole-2.xml: Second
alternative with an inducement to Group 3</font></li>
<li><font color="#444444" face="arial, helvetica,
sans-serif">ScriptedSQL-MetaRole-3.xml: Second
alternative with an inducement to Group 1</font></li>
</ul>
<div><font color="#444444" face="arial, helvetica,
sans-serif">Thanks in advance ! </font></div>
<div><font color="#444444" face="arial, helvetica,
sans-serif"><br>
</font></div>
<div><font color="#444444" face="arial, helvetica,
sans-serif">Best regards</font></div>
</div>
</div>
<div class="gmail_extra"><span class=""><br clear="all">
<br>
</span>
<div>
<div class="h5">
<div class="gmail_quote">On Thu, Nov 24, 2016 at 6:20
PM, Ivan Noris <span dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:ivan.noris@evolveum.com"
target="_blank">ivan.noris@evolveum.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>Hi Nicolas,</p>
<p>can you paste the (three) attempts how the
MetaRole looks, anonymized if necessary? Maybe
I will have an idea by looking at it.</p>
<p>Regards,</p>
<p>Ivan<br>
</p>
<div>
<div class="m_-2734819479403348444h5"> <br>
<div
class="m_-2734819479403348444m_1133232737013364190moz-cite-prefix">On
11/24/2016 09:52 PM, Nicolas Rossi wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">Hi
guys. We are still working on this
issue. We have tried 3 alternatives to
achieve it. All of them working on the
resource MetaRole:</div>
<div class="gmail_default"><span
style="color:rgb(68,68,68);font-family:arial,helvetica,sans-serif"><br>
</span></div>
<div class="gmail_default"><span
style="color:rgb(68,68,68);font-family:arial,helvetica,sans-serif">1)
Add a new association on the
existing inducement constructor
directly to the entitlement on the
resource. It works fine (entitlement
is provisioned) but we cannot see
this assignment on the GUI.</span></div>
<div class="gmail_default">
<div><font color="#444444"
face="arial, helvetica,
sans-serif"><br>
</font></div>
<span
style="color:rgb(68,68,68);font-family:arial,helvetica,sans-serif">2)
Add an inducement to an existing
role which has an assignment to the
resource MetaRole. I can see the
assignment on the GUI but the
entitlement is not provisioned to
the resource.</span><br>
</div>
<div class="gmail_default"><span
style="color:rgb(68,68,68);font-family:arial,helvetica,sans-serif"><br>
</span></div>
<div class="gmail_default"><span
style="color:rgb(68,68,68);font-family:arial,helvetica,sans-serif">3)
Add an inducement to an existing
role which has an inducement with
association to the entitlement on
the resource.</span><span
style="color:rgb(68,68,68);font-family:arial,helvetica,sans-serif"> </span><span
style="color:rgb(68,68,68);font-family:arial,helvetica,sans-serif">I can
see the assignment on the GUI but
the entitlement is not provisioned
to the resource.</span></div>
<div class="gmail_default"><span
style="color:rgb(68,68,68);font-family:arial,helvetica,sans-serif"><br>
</span></div>
<div class="gmail_default"><span
style="color:rgb(68,68,68);font-family:arial,helvetica,sans-serif">Is
there any other possible
configuration ?</span></div>
<div class="gmail_extra"><br clear="all">
<div>
<div
class="m_-2734819479403348444m_1133232737013364190gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr"><font
face="arial,
helvetica,
sans-serif">
<div
class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68);display:inline">Best
regards,</div>
</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On Mon, Nov
21, 2016 at 5:56 PM, Ana Pereyra <span
dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:apereyra@identicum.com"
target="_blank">apereyra@identicum.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div dir="ltr">Hi everyone,
<div><br>
</div>
<div>We are having the following
issue:</div>
<div><br>
</div>
<div>We need to assign the role
B to users after being created
in resource A, automatically. </div>
<div><br>
</div>
<div>We are using a scripted sql
driver, and a meta role for
creating users and groups in
the database; and role B is a
group in resource A.</div>
<div><br>
</div>
<div>We have been trying to
assign indirectly role B to
users using the meta role,
with no luck. Any ideas on how
to approach this?</div>
<div><br>
</div>
<div>Thanks in advance.</div>
<div>Regards</div>
<span
class="m_-2734819479403348444m_1133232737013364190HOEnZb"><font
color="#888888">
<div>
<div><br>
</div>
-- <br>
<div
class="m_-2734819479403348444m_1133232737013364190m_5555873668252606585gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr"><b
style="font-size:12.8px">Ana Pereyra</b><br>
</div>
<div dir="ltr"><font
style="font-size:12.8px" face="verdana, sans-serif"><img
moz-do-not-send="true"
src="http://www.identicum.com/img/favicon.ico"> Identicum S.A.<br>
<i><font
color="#666666">Jorge
Newbery 3226,
Argentina<br>
Tel: +54 (11) </font></i></font><font
style="font-size:12.8px" color="#666666" face="verdana, sans-serif"><i>4552.3050</i></font>
<div
style="font-size:12.8px"><font
face="verdana,
sans-serif"><i><font
size="1"><a
moz-do-not-send="true"
href="mailto:apereyra@identicum.com" style="color:rgb(17,85,204)"
target="_blank">apereyra@identicum.com</a></font></i><br>
<a
moz-do-not-send="true"
href="http://www.identicum.com/" style="color:rgb(17,85,204)"
target="_blank"><font
color="#000000">www.identicum.com</font></a></font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</font></span></div>
<br>
______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a moz-do-not-send="true"
href="mailto:midPoint@lists.evolveum.com"
target="_blank">midPoint@lists.evolveum.com</a><br>
<a moz-do-not-send="true"
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
<br>
</blockquote>
</div></div><span class="m_-2734819479403348444HOEnZb"><font color="#888888"><pre class="m_-2734819479403348444m_1133232737013364190moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
<a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre>
</font></span></div>
</blockquote></div>
</div></div></div>
</blockquote></div>
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre></body></html>