<div dir="ltr">Hi, this is indeed very nice and advanced business logic.<div><br></div><div>I would suggest you try dropping the meta role completely and use organization to induce the logic. <span style="font-size:12.8px">If you need higher level of abstraction, you can imagine orgs (e.g. root) as meta roles and put logic there.</span></div><div><br></div><div>Something like<span style="font-size:12.8px"> (</span>but Im not sure how will <span style="font-size:12.8px">focusAssignment behave)</span>:</div><div><br></div><div><div style="font-size:12.8px"><b>Org XML:</b></div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px"><div><org></div><div> <name>MEGC</name></div><div>...</div><div><div style="font-size:12.8px"> <inducement id="4"></div><div style="font-size:12.8px"> <targetRef oid="00000000-0000-1de4-0004-0<wbr>00000000011" type="c:RoleType"></targetRef></div><div style="font-size:12.8px"> <focusType>UserType</focusType<wbr>></div><div style="font-size:12.8px"> <condition></div><div style="font-size:12.8px"> <source></div><div style="font-size:12.8px"> <c:path>$focusAssignment/exten<wbr>sion/metaRelation</c:path></div><div style="font-size:12.8px"> </source></div><div style="font-size:12.8px"> <expression></div><div style="font-size:12.8px"> <script></div><div style="font-size:12.8px"> <code>metaRelation == 'TEACHER'</code></div><div style="font-size:12.8px"> </script></div><div style="font-size:12.8px"> </expression></div><div style="font-size:12.8px"> </condition></div><div style="font-size:12.8px"> </inducement></div></div><div>...</div><div></org></div><div><br></div></div><div>Regards, M.</div></div><div class="gmail_extra"><br clear="all"><div><div class="m_4797137835438593034gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><table style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important"><tbody><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="2" style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;border:0px solid gray!important"><p><span style="font-size:14px;font-weight:bold">Martin Lízner</span><br>solution architect<br><br>gsm: <a href="tel:+420%20737%20745%20571" value="+420737745571" target="_blank">[+420] 737 745 571</a><br>e-mail: <a href="mailto:jmeno.prijmeni@ami.cz" target="_blank">martin.lizner@ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important"> </td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important"> </td><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;border:0px solid gray!important"><p>AMI Praha a.s.<br>Pláničkova 11<br>162 00 Praha 6<br>tel.: <a href="tel:+420%20274%20783%20239" value="+420274783239" target="_blank">[+420] 274 783 239</a><br>web: <a href="http://www.ami.cz/" target="_blank">www.ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important"> </td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important"> </td><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;margin:8px;border:0px solid gray!important"><p><img src="http://www.ami.cz/images/podpis/ami_logo.gif" alt="" style="border:0px"></p></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="8" style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important"></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="8" style="color:rgb(128,128,128);font-family:Arial,sans-serif;font-size:11px;padding:0px;border:0px solid gray!important"><table style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important"><tbody><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="7" style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;width:480px;border:0px solid gray!important"><br><a href="http://www.skyidentity.com/" target="_blank"><img src="http://www.ami.cz/images/podpis/AMI-podpis-Sky.png" alt="AMI Praha a.s." style="border:0px;width:480px!important;height:82px!important"></a></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="7" style="font-family:Arial,sans-serif;padding:0px;border:0px solid gray!important"><br></td></tr></tbody></table>Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za společnost AMI Praha a.s.<br>jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně písemnou formu.</td></tr></tbody></table></div><br></div></div></div></div></div></div></div>
<br><div class="gmail_quote">2016-12-29 19:25 GMT+01:00 Martin Marchese <span dir="ltr"><<a href="mailto:mmarchese@identicum.com" target="_blank">mmarchese@identicum.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi All,<div><br></div><div>We have a role model designed as it follows:</div><div><br></div><div>Users are assigned to an Org (the AssignmentType is extended with metaRelation attribute). This Org, has a Meta Role assigned.<br><br>Based on the value of the metaRelation attribute (STUDENT or TEACHER) the Meta Role induces a Role (order 2 inducement) to the user.</div><div><br></div><div>These induced roles have their own inducements, to resources (OpenLDAP, google apps, office 365, etc).</div><div><br></div><div>Once a user is assigned to an Org, it receives the inderect assignment based on the metaRelation attribute value. However, it's not receiving the resource inducements, hence, the accounts are not being created in the resources.</div><div><br></div><div>Any idea if this is normal behavior or if we are missing something? </div><div><br></div><div>Below are examples of how our objects look like.</div><div><br></div><div><b>Org XML:</b></div><div><br></div><div><div><org></div><div> <name>MEGC</name></div><div>...</div><div> <assignment id="1"></div><div> <targetRef oid="00000000-0000-1de4-0004-0<wbr>00000000099" type="c:RoleType"></targetRef></div><div> </assignment></div><div>...</div><div></org></div></div><div><br></div><div><b>Meta Role XML:</b></div><div><br></div><div><div><role></div><div> <name>META_ROLE</name></div><div> ...</div><div> <inducement id="4"></div><div> <targetRef oid="00000000-0000-1de4-0004-0<wbr>00000000011" type="c:RoleType"></targetRef></div><div> <order>2</order></div><div> <focusType>UserType</focusType<wbr>></div><div> <condition></div><div> <source></div><div> <c:path>$focusAssignment/exten<wbr>sion/metaRelation</c:path></div><div> </source></div><div> <expression></div><div> <script></div><div> <code>metaRelation == 'TEACHER'</code></div><div> </script></div><div> </expression></div><div> </condition></div><div> </inducement></div><div>...</div><div></role></div></div><div><br></div><div><b>Induced Role:</b></div><div><br></div><div><div><role></div><div> <name>TEACHER</name></div><div>...</div><div> <inducement id="1"></div><div> <construction></div><div> <resourceRef oid="00000000-0000-1de4-0002-0<wbr>00000000002" type="c:ResourceType"></resour<wbr>ceRef></div><div> <kind>account</kind></div><div> </construction></div><div> </inducement></div><div>...</div><div></role></div></div><div><br></div><div>Thanks in Advance</div><div><br></div><div><div><div class="m_4797137835438593034m_8624053858543491069gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><b><span></span><span></span>Ing. Martín Marchese</b><br><img src="http://www.identicum.com/img/favicon.ico">Identicum S.A.<br>Jorge Newbery 3226<br>Tel: <a href="tel:+54%2011%204552-3050" value="+541145523050" target="_blank">+54 (11) 4552-3050</a><br><a href="mailto:mmarchese@identicum.com" target="_blank">mmarchese@identicum.com</a><br><a href="http://www.identicum.com" target="_blank">www.identicum.com</a></div></div></div></div></div></div></div></div></div></div></div>
</div></div>
<br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><br>
<br></blockquote></div><br></div></div>