<div style="white-space:pre-wrap">Hi Ivan. With the alternative #1 I can see the entitlement provisioned on the resource but I cannot see it under the midpoint GUI on the user panel -> assignments -> cog icon -> show all assignment. <br><br>Regards</div><br><div class="gmail_quote"><div dir="ltr">El El mar, 29 de nov. de 2016 a las 18:26, Ivan Noris <<a href="mailto:ivan.noris@evolveum.com">ivan.noris@evolveum.com</a>> escribió:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000" class="gmail_msg">
<p class="gmail_msg">Hi Nicolas,</p>
<p class="gmail_msg">I have tried to find some time at the evenings, to look for a
problem.</p>
<p class="gmail_msg">The first alternative - ScriptedSQL-Grupo1.xml looks pretty much
same as my roles in one of my projects. If I understand correctly,
you've stated that "It works fine (entitlement is provisioned) but
we cannot see this assignment on the GUI." What do you mean by
"seeing" it? You should see that user has this association (Grupo
1) in Projections/the scriptedsql account/associations part. And
of course in Assignments you should see the "ScriptedSQL-Grupo 1"
role assigned.</p>
<p class="gmail_msg">If you cannot see the "associations" part in GUI with "Grupo 1"
value, can you ensure that the value is really there manually in
the target system and read that user again using midPoint? But as
you stated that this alternative "works (entitlement is
provisioned)", I'm confused.<br class="gmail_msg">
</p>
<p class="gmail_msg">What surprised me is the name of the association attribute
"<ref>ri:GroupObjectClass</ref>" used in inducements.
Do you have the same name configured in the resource object in:</p>
<p class="gmail_msg"> <association></p>
<p class="gmail_msg"> <ref>ri:GroupObjectClass</ref></p>
<p class="gmail_msg">...</p>
<p class="gmail_msg"></association> ? If yes, it's just the name which confuses
me.</p>
<p class="gmail_msg">The alternative ScriptedSQL-Grupo 3 using ScriptedSQL-MetaRole
looks also OK to me. I'm trying to find similar example, but so
far I don't remember any usage of association using
associationFromLink with another association in my projects.<br class="gmail_msg">
</p>
Also ScriptedSQL-Metarole-3.xml looks fine.<br class="gmail_msg">
Are you testing the setup on new users and assigning roles, or you
already have the (former) roles assigned and after that you change
the role definitions? (In the latter case I assume you did also
recompute of that user to apply the changed role definitions.)<br class="gmail_msg">
<br class="gmail_msg">
Anyway, the assignment of ScriptedSQL-Grupo 1 (no metarole) should
work and be displayed in Assignments (as role) and in Projections as
association (Grupo 1).<br class="gmail_msg">
<br class="gmail_msg">
I hope some of my coleagues will also have a good hint, for now I'm
out of ideas but I will try to find some new.<br class="gmail_msg">
<br class="gmail_msg">
Best regards,<br class="gmail_msg">
Ivan</div><div bgcolor="#FFFFFF" text="#000000" class="gmail_msg"><br class="gmail_msg">
<br class="gmail_msg">
<div class="m_8910750752243167830moz-cite-prefix gmail_msg">On 11/29/2016 01:06 PM, Nicolas Rossi
wrote:<br class="gmail_msg">
</div>
<blockquote type="cite" class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_default gmail_msg" style="font-family:arial,helvetica,sans-serif;font-size:small;color:#444444">HI
Ivan, have you seen something wrong with these configurations
?</div>
<div class="gmail_default gmail_msg" style="font-family:arial,helvetica,sans-serif;font-size:small;color:#444444"><br class="gmail_msg">
</div>
<div class="gmail_default gmail_msg" style="font-family:arial,helvetica,sans-serif;font-size:small;color:#444444">Best
regards </div>
<div class="gmail_default gmail_msg" style="font-family:arial,helvetica,sans-serif;font-size:small;color:#444444"><br class="gmail_msg">
</div>
<div class="gmail_default gmail_msg" style="font-family:arial,helvetica,sans-serif;font-size:small;color:#444444"><br class="gmail_msg">
</div>
</div>
<div class="gmail_extra gmail_msg"><br clear="all" class="gmail_msg">
<div class="gmail_msg">
<div class="m_8910750752243167830gmail_signature gmail_msg" data-smartmail="gmail_signature">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg"><font face="arial, helvetica,
sans-serif" class="gmail_msg"><br class="gmail_msg">
<br class="gmail_msg">
<font color="#444444" class="gmail_msg">Ing
Nicolás Rossi</font><br class="gmail_msg">
<font color="#999999" class="gmail_msg">Identicum
S.A.</font><br class="gmail_msg">
<font color="#999999" class="gmail_msg">Jorge
Newbery 3226</font><br class="gmail_msg">
<font color="#999999" class="gmail_msg">Tel:
+54 (11) 4552-3050</font><br class="gmail_msg">
<font color="#999999" class="gmail_msg"><a href="http://www.identicum.com" class="gmail_msg" target="_blank">www.identicum.com</a></font></font><br class="gmail_msg">
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br class="gmail_msg">
<div class="gmail_quote gmail_msg">On Fri, Nov 25, 2016 at 12:56 PM,
Nicolas Rossi <span dir="ltr" class="gmail_msg"><<a href="mailto:nrossi@identicum.com" class="gmail_msg" target="_blank">nrossi@identicum.com</a>></span>
wrote:<br class="gmail_msg">
<blockquote class="gmail_quote gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr" class="gmail_msg">
<div class="gmail_default gmail_msg" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">Hi
Ivan, here are the XMLs:</div>
<div class="gmail_default gmail_msg">
<ul class="gmail_msg">
<li class="gmail_msg"><font color="#444444" face="arial, helvetica,
sans-serif" class="gmail_msg">ScriptedSQL-Grupo1.xml: A role with an
association to an entitlement</font></li>
<li class="gmail_msg"><font color="#444444" face="arial, helvetica,
sans-serif" class="gmail_msg">ScriptedSQL-Grupo3.xml: A role with an
assignment to a MetaRole</font></li>
<li class="gmail_msg"><font color="#444444" face="arial, helvetica,
sans-serif" class="gmail_msg">ScriptedSQL-MetaRole-1.xml: First
alternative with another assignment</font></li>
<li class="gmail_msg"><font color="#444444" face="arial, helvetica,
sans-serif" class="gmail_msg">ScriptedSQL-MetaRole-2.xml: Second
alternative with an inducement to Group 3</font></li>
<li class="gmail_msg"><font color="#444444" face="arial, helvetica,
sans-serif" class="gmail_msg">ScriptedSQL-MetaRole-3.xml: Second
alternative with an inducement to Group 1</font></li>
</ul>
<div class="gmail_msg"><font color="#444444" face="arial, helvetica,
sans-serif" class="gmail_msg">Thanks in advance ! </font></div>
<div class="gmail_msg"><font color="#444444" face="arial, helvetica,
sans-serif" class="gmail_msg"><br class="gmail_msg">
</font></div>
<div class="gmail_msg"><font color="#444444" face="arial, helvetica,
sans-serif" class="gmail_msg">Best regards</font></div>
</div>
</div>
<div class="gmail_extra gmail_msg"><span class="gmail_msg"><br clear="all" class="gmail_msg">
<div class="gmail_msg">
<div class="m_8910750752243167830m_-2734819479403348444gmail_signature gmail_msg" data-smartmail="gmail_signature">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg"><font face="arial,
helvetica,
sans-serif" class="gmail_msg"><br class="gmail_msg">
<br class="gmail_msg">
<font color="#444444" class="gmail_msg">Ing
Nicolás Rossi</font><br class="gmail_msg">
<font color="#999999" class="gmail_msg">Identicum
S.A.</font><br class="gmail_msg">
<font color="#999999" class="gmail_msg">Jorge
Newbery 3226</font><br class="gmail_msg">
<font color="#999999" class="gmail_msg">Tel:
+54 (11) 4552-3050</font><br class="gmail_msg">
<font color="#999999" class="gmail_msg"><a href="http://www.identicum.com" class="gmail_msg" target="_blank">www.identicum.com</a></font></font><br class="gmail_msg">
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br class="gmail_msg">
</span>
<div class="gmail_msg">
<div class="m_8910750752243167830h5 gmail_msg">
<div class="gmail_quote gmail_msg">On Thu, Nov 24, 2016 at 6:20
PM, Ivan Noris <span dir="ltr" class="gmail_msg"><<a href="mailto:ivan.noris@evolveum.com" class="gmail_msg" target="_blank">ivan.noris@evolveum.com</a>></span>
wrote:<br class="gmail_msg">
<blockquote class="gmail_quote gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000" class="gmail_msg">
<p class="gmail_msg">Hi Nicolas,</p>
<p class="gmail_msg">can you paste the (three) attempts how the
MetaRole looks, anonymized if necessary? Maybe
I will have an idea by looking at it.</p>
<p class="gmail_msg">Regards,</p>
<p class="gmail_msg">Ivan<br class="gmail_msg">
</p>
<div class="gmail_msg">
<div class="m_8910750752243167830m_-2734819479403348444h5 gmail_msg"> <br class="gmail_msg">
<div class="m_8910750752243167830m_-2734819479403348444m_1133232737013364190moz-cite-prefix gmail_msg">On
11/24/2016 09:52 PM, Nicolas Rossi wrote:<br class="gmail_msg">
</div>
<blockquote type="cite" class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_default gmail_msg" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">Hi
guys. We are still working on this
issue. We have tried 3 alternatives to
achieve it. All of them working on the
resource MetaRole:</div>
<div class="gmail_default gmail_msg"><span style="color:rgb(68,68,68);font-family:arial,helvetica,sans-serif" class="gmail_msg"><br class="gmail_msg">
</span></div>
<div class="gmail_default gmail_msg"><span style="color:rgb(68,68,68);font-family:arial,helvetica,sans-serif" class="gmail_msg">1)
Add a new association on the
existing inducement constructor
directly to the entitlement on the
resource. It works fine (entitlement
is provisioned) but we cannot see
this assignment on the GUI.</span></div>
<div class="gmail_default gmail_msg">
<div class="gmail_msg"><font color="#444444" face="arial, helvetica,
sans-serif" class="gmail_msg"><br class="gmail_msg">
</font></div>
<span style="color:rgb(68,68,68);font-family:arial,helvetica,sans-serif" class="gmail_msg">2)
Add an inducement to an existing
role which has an assignment to the
resource MetaRole. I can see the
assignment on the GUI but the
entitlement is not provisioned to
the resource.</span><br class="gmail_msg">
</div>
<div class="gmail_default gmail_msg"><span style="color:rgb(68,68,68);font-family:arial,helvetica,sans-serif" class="gmail_msg"><br class="gmail_msg">
</span></div>
<div class="gmail_default gmail_msg"><span style="color:rgb(68,68,68);font-family:arial,helvetica,sans-serif" class="gmail_msg">3)
Add an inducement to an existing
role which has an inducement with
association to the entitlement on
the resource.</span><span style="color:rgb(68,68,68);font-family:arial,helvetica,sans-serif" class="gmail_msg"> </span><span style="color:rgb(68,68,68);font-family:arial,helvetica,sans-serif" class="gmail_msg">I can
see the assignment on the GUI but
the entitlement is not provisioned
to the resource.</span></div>
<div class="gmail_default gmail_msg"><span style="color:rgb(68,68,68);font-family:arial,helvetica,sans-serif" class="gmail_msg"><br class="gmail_msg">
</span></div>
<div class="gmail_default gmail_msg"><span style="color:rgb(68,68,68);font-family:arial,helvetica,sans-serif" class="gmail_msg">Is
there any other possible
configuration ?</span></div>
<div class="gmail_extra gmail_msg"><br clear="all" class="gmail_msg">
<div class="gmail_msg">
<div class="m_8910750752243167830m_-2734819479403348444m_1133232737013364190gmail_signature gmail_msg" data-smartmail="gmail_signature">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg"><font face="arial,
helvetica,
sans-serif" class="gmail_msg">
<div class="gmail_default gmail_msg" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68);display:inline">Best
regards,</div>
</font></div>
<div dir="ltr" class="gmail_msg"><font face="arial,
helvetica,
sans-serif" class="gmail_msg">
<div class="gmail_default gmail_msg" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68);display:inline"></div>
<br class="gmail_msg">
<br class="gmail_msg">
<font color="#444444" class="gmail_msg">Ing
Nicolás Rossi</font><br class="gmail_msg">
<font color="#999999" class="gmail_msg">Identicum
S.A.</font><br class="gmail_msg">
<font color="#999999" class="gmail_msg">Jorge
Newbery 3226</font><br class="gmail_msg">
<font color="#999999" class="gmail_msg">Tel:
+54
(11) 4552-3050</font><br class="gmail_msg">
<font color="#999999" class="gmail_msg"><a href="http://www.identicum.com" class="gmail_msg" target="_blank">www.identicum.com</a></font></font><br class="gmail_msg">
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br class="gmail_msg">
<div class="gmail_quote gmail_msg">On Mon, Nov
21, 2016 at 5:56 PM, Ana Pereyra <span dir="ltr" class="gmail_msg"><<a href="mailto:apereyra@identicum.com" class="gmail_msg" target="_blank">apereyra@identicum.com</a>></span>
wrote:<br class="gmail_msg">
<blockquote class="gmail_quote gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr" class="gmail_msg">Hi everyone,
<div class="gmail_msg"><br class="gmail_msg">
</div>
<div class="gmail_msg">We are having the following
issue:</div>
<div class="gmail_msg"><br class="gmail_msg">
</div>
<div class="gmail_msg">We need to assign the role
B to users after being created
in resource A, automatically. </div>
<div class="gmail_msg"><br class="gmail_msg">
</div>
<div class="gmail_msg">We are using a scripted sql
driver, and a meta role for
creating users and groups in
the database; and role B is a
group in resource A.</div>
<div class="gmail_msg"><br class="gmail_msg">
</div>
<div class="gmail_msg">We have been trying to
assign indirectly role B to
users using the meta role,
with no luck. Any ideas on how
to approach this?</div>
<div class="gmail_msg"><br class="gmail_msg">
</div>
<div class="gmail_msg">Thanks in advance.</div>
<div class="gmail_msg">Regards</div>
<span class="m_8910750752243167830m_-2734819479403348444m_1133232737013364190HOEnZb gmail_msg"><font color="#888888" class="gmail_msg">
<div class="gmail_msg">
<div class="gmail_msg"><br class="gmail_msg">
</div>
-- <br class="gmail_msg">
<div class="m_8910750752243167830m_-2734819479403348444m_1133232737013364190m_5555873668252606585gmail_signature gmail_msg" data-smartmail="gmail_signature">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg">
<div class="gmail_msg">
<div dir="ltr" class="gmail_msg"><b style="font-size:12.8px" class="gmail_msg">Ana Pereyra</b><br class="gmail_msg">
</div>
<div dir="ltr" class="gmail_msg"><font style="font-size:12.8px" face="verdana, sans-serif" class="gmail_msg"><img src="http://www.identicum.com/img/favicon.ico" class="gmail_msg"> Identicum S.A.<br class="gmail_msg">
<i class="gmail_msg"><font color="#666666" class="gmail_msg">Jorge
Newbery 3226,
Argentina<br class="gmail_msg">
Tel: +54 (11) </font></i></font><font style="font-size:12.8px" color="#666666" face="verdana, sans-serif" class="gmail_msg"><i class="gmail_msg">4552.3050</i></font>
<div style="font-size:12.8px" class="gmail_msg"><font face="verdana,
sans-serif" class="gmail_msg"><i class="gmail_msg"><font size="1" class="gmail_msg"><a href="mailto:apereyra@identicum.com" style="color:rgb(17,85,204)" class="gmail_msg" target="_blank">apereyra@identicum.com</a></font></i><br class="gmail_msg">
<a href="http://www.identicum.com/" style="color:rgb(17,85,204)" class="gmail_msg" target="_blank"><font color="#000000" class="gmail_msg">www.identicum.com</font></a></font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</font></span></div>
<br class="gmail_msg">
_______________________________________________<br class="gmail_msg">
midPoint mailing list<br class="gmail_msg">
<a href="mailto:midPoint@lists.evolveum.com" class="gmail_msg" target="_blank">midPoint@lists.evolveum.com</a><br class="gmail_msg">
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" class="gmail_msg" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br class="gmail_msg">
<br class="gmail_msg">
</blockquote>
</div>
<br class="gmail_msg">
</div>
</div>
<br class="gmail_msg">
<fieldset class="m_8910750752243167830m_-2734819479403348444m_1133232737013364190mimeAttachmentHeader gmail_msg"></fieldset>
<br class="gmail_msg">
<pre class="gmail_msg">_______________________________________________
midPoint mailing list
<a class="m_8910750752243167830m_-2734819479403348444m_1133232737013364190moz-txt-link-abbreviated gmail_msg" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a class="m_8910750752243167830m_-2734819479403348444m_1133232737013364190moz-txt-link-freetext gmail_msg" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
</div></div><span class="m_8910750752243167830m_-2734819479403348444HOEnZb gmail_msg"><font color="#888888" class="gmail_msg"><pre class="m_8910750752243167830m_-2734819479403348444m_1133232737013364190moz-signature gmail_msg" cols="72">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com" class="gmail_msg" target="_blank">evolveum.com</a>
</pre>
</font></span></div>
_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" class="gmail_msg" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" class="gmail_msg" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</blockquote></div>
</div></div></div>
</blockquote></div>
</div>
<fieldset class="m_8910750752243167830mimeAttachmentHeader gmail_msg"></fieldset>
<pre class="gmail_msg">_______________________________________________
midPoint mailing list
<a class="m_8910750752243167830moz-txt-link-abbreviated gmail_msg" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a class="m_8910750752243167830moz-txt-link-freetext gmail_msg" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<pre class="m_8910750752243167830moz-signature gmail_msg" cols="72">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com" class="gmail_msg" target="_blank">evolveum.com</a>
</pre></div>_______________________________________________<br class="gmail_msg">
midPoint mailing list<br class="gmail_msg">
<a href="mailto:midPoint@lists.evolveum.com" class="gmail_msg" target="_blank">midPoint@lists.evolveum.com</a><br class="gmail_msg">
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" class="gmail_msg" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br class="gmail_msg">
</blockquote></div>