<div dir="ltr">Hi, auto clean works just for projections, Im not sure whether it is supposed to work for assignments and inducements too. In order to clean missing assignments to roles and orgs I coded following custom task. M.<div><br></div><div><div><c:task xmlns:c="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>" xmlns:q="<a href="http://prism.evolveum.com/xml/ns/public/query-3">http://prism.evolveum.com/xml/ns/public/query-3</a>" xmlns:xsd="<a href="http://www.w3.org/2001/XMLSchema">http://www.w3.org/2001/XMLSchema</a>"></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span><c:name>Purge user assignments (roles, orgs)</c:name></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span><c:description>This tasks removes from users all targetRef assignments (roles and orgs) that cannot be resolved. E.g. assigned role object has been deleted and user object points to its OID.</c:description></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span><c:extension></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span><scext:executeScript xmlns:scext="<a href="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3">http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3</a>"></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span><s:pipeline xmlns:s="<a href="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3">http://midpoint.evolveum.com/xml/ns/public/model/scripting-3</a>"></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <s:expression xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance">http://www.w3.org/2001/XMLSchema-instance</a>" xsi:type="s:SearchExpressionType"></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <s:type>UserType</s:type></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <s:query></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span><q:filter></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span><q:equal></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span><q:path>name</q:path></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span><q:value>user12345</q:value></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span></q:equal></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span></q:filter></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> </s:query><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> </div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> </s:expression></div><div> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span><s:expression xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance">http://www.w3.org/2001/XMLSchema-instance</a>" xsi:type="s:ActionExpressionType"></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <s:type>execute-script</s:type></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <s:parameter></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <s:name>script</s:name></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <c:value xsi:type="c:ScriptExpressionEvaluatorType" xmlns:c="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <c:code></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> import com.evolveum.midpoint.xml.ns._public.common.common_3.*</div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> import com.evolveum.midpoint.prism.delta.builder.*</div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> import com.evolveum.midpoint.model.api.*</div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> </div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> def assignmentsToDel = []</div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> </div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> for (a in input.assignment) {</div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span>if (a.targetRef == null) {</div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span>continue; // this is resource assignment construction, we are interested in roles and orgs only</div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span>}</div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span>ObjectType ot = midpoint.resolveReferenceIfExists(a.targetRef)</div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span>//<a href="http://log.info">log.info</a> ("OID is: {}, resolving to: {}", a.targetRef?.oid, ot);</div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span>if (ot == null) {</div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span>def removeAssignment = new AssignmentType()</div><div> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span>removeAssignment.targetRef = a.targetRef.clone() // we need to construct new assignment to avoid metadata and order disturbing stuff</div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span>assignmentsToDel.add(removeAssignment.asPrismContainerValue())</div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span><a href="http://log.info">log.info</a>('User: {}, going to purge assignment: {}', <a href="http://input.name">input.name</a>, a.targetRef?.oid)</div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span>}<span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span> </div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> }<span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span> </div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> def delta = DeltaBuilder.deltaFor(FocusType.class, prismContext)</div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> .item(FocusType.F_ASSIGNMENT).delete(assignmentsToDel)</div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> .asObjectDelta(input.oid)</div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span> </div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> midpoint.modifyObject(delta, ModelExecuteOptions.createRaw())<span class="gmail-Apple-tab-span" style="white-space:pre"> </span> </div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> </c:code></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> </c:value></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> </s:parameter> </div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span> </s:expression></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span></s:pipeline></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span></scext:executeScript></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span></c:extension></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span><c:taskIdentifier>1474775896757:987750751</c:taskIdentifier></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span><c:ownerRef oid="00000000-0000-0000-0000-000000000002"/></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span><c:executionStatus>runnable</c:executionStatus></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span><c:category>BulkActions</c:category></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span><c:handlerUri><a href="http://midpoint.evolveum.com/xml/ns/public/model/scripting/handler-3">http://midpoint.evolveum.com/xml/ns/public/model/scripting/handler-3</a></c:handlerUri></div><div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span><c:recurrence>single</c:recurrence></div><div></c:task></div></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><table style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important"><tbody><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="2" style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;border:0px solid gray!important"><p><span style="font-size:14px;font-weight:bold">Martin Lízner</span><br>solution architect<br><br>gsm: [+420] 737 745 571<br>e-mail: <a href="mailto:martin.lizner@ami.cz" target="_blank">martin.lizner@ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important"> </td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important"> </td><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;border:0px solid gray!important"><p>AMI Praha a.s.<br>Pláničkova 11<br>162 00 Praha 6<br>tel.: [+420] 274 783 239<br>web: <a href="http://www.ami.cz/" target="_blank">www.ami.cz</a></p></td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important"> </td><td style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important"> </td><td style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;margin:8px;border:0px solid gray!important"><p><img src="http://www.ami.cz/images/podpis/ami_logo.gif" alt="" style="border:0px"></p></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="8" style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px solid gray!important"></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="8" style="color:rgb(128,128,128);font-family:Arial,sans-serif;font-size:11px;padding:0px;border:0px solid gray!important"><table style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important"><tbody><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="7" style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;width:480px;border:0px solid gray!important"><br><a href="http://www.skyidentity.com/" target="_blank"><img src="http://www.ami.cz/images/podpis/AMI-podpis-Sky.png" alt="AMI Praha a.s." style="border:0px;width:480px!important;height:82px!important"></a></td></tr><tr style="padding:0px;margin:0px;border:0px solid gray!important"><td colspan="7" style="font-family:Arial,sans-serif;padding:0px;border:0px solid gray!important"><br></td></tr></tbody></table>Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za společnost AMI Praha a.s.<br>jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně písemnou formu.</td></tr></tbody></table></div><br></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">2017-02-01 20:12 GMT+01:00 Nicolas Rossi <span dir="ltr"><<a href="mailto:nrossi@identicum.com" target="_blank">nrossi@identicum.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">Hi guys, it is also happening in midPoint 3.5. We tried running Cleanup and Validity Scanner tasks but the reference is still there. Is there any way to fix this references ?</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">Thanks in advance !</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)"><div class="gmail_default"><br></div><div class="gmail_default"><br></div></div></div><div class="gmail_extra"><br clear="all"><div><div class="m_3171675168714845583gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><font face="arial, helvetica, sans-serif"><br><br><font color="#444444">Ing Nicolás Rossi</font><span class=""><br><font color="#999999">Identicum S.A.</font><br><font color="#999999">Jorge Newbery 3226</font><br></span><font color="#999999">Tel: <a href="tel:+54%2011%204552-3050" value="+541145523050" target="_blank">+54 (11) 4552-3050</a></font><br><font color="#999999"><a href="http://www.identicum.com" target="_blank">www.identicum.com</a></font></font><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote"><div><div class="h5">On Mon, Jan 16, 2017 at 1:01 PM, Rodrigo Yanis <span dir="ltr"><<a href="mailto:ryanis@identicum.com" target="_blank">ryanis@identicum.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr">Hello all,<div><br></div><div>We've come across the following case involving issues in how midpoint handles referential integrity in assignments and inducements. As for version 3.4.1, the case is the following:</div><div>1. An object "A" is created and assigned / induced into another object "B"</div><div>2. Object "A" is then deleted from midpoint</div><div>3. Object "B" keeps the reference to object's "A" oid, even though it doesn't exist anymore.</div><div>We replicated this in role to user assignments, role to role assignments, role to role inducements.</div><div>Is there any automatic native mechanism for resolving this referential errors?</div><div>If not, is there a way to attack the issue through the use of tasks?</div><div><br></div><div>Thanks,</div><div><div><div><div class="m_3171675168714845583m_-3043186304883110134gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><br></div><div dir="ltr"><font face="arial, helvetica, sans-serif"><b>Rodrigo Yanis.</b><br><img src="http://www.identicum.com/img/favicon.ico">Identicum S.A.<br></font>Jorge Newbery 3226<br>Tel: <a href="tel:+54%2011%204824-9971" value="+541148249971" target="_blank">+54 (11) 4824-9971</a><font face="arial, helvetica, sans-serif"><br><a href="mailto:ryanis@identicum.com" target="_blank"><font color="#0b5394">ryanis@identicum.com</font></a><br><a href="http://www.identicum.com/" target="_blank"><font color="#0b5394">www.identicum.com</font></a></font></div></div></div></div></div></div></div></div></div></div></div>
</div></div></div>
<br></div></div>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
<br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>