<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi Oleksandr,</p>
<p>one thing is to have strong mappings for assigning the roles
through the template. But to really apply anything to target
systems you also have to have strong mappings in schema
handling/roles (outbound mappings) in all resources where you want
this.</p>
<p>Then reconciliation (or any other synchronization, including
provisioning) will always try to push the values which should be
in the target system account attributes.</p>
<p>The default mapping strength is normal as Martin said; that
means, only changes are synchronized.</p>
<p>Regards,</p>
<p>Ivan<br>
</p>
<br>
<div class="moz-cite-prefix">On 10.01.2018 16:29, Oleksandr Nekriach
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CANb693RMvVG+d=YdJnURi8KuL=ostopcSEuJYp8YkPzhg53ssg@mail.gmail.com">
<div dir="ltr">
<div>Hi Martin,<br>
</div>
I have already tried this approach but had not success in my
case.<br>
<br>
<mapping><br>
<description>Assigment Agents to Agents
Role</description><br>
<authoritative>true</authoritative><br>
<strength>strong</strength><br>
<source><br>
<c:path>$user/employeeType</c:path><br>
</source><br>
<source><br>
<name>formerEmployee</name><br>
<c:path>$user/extension/formerEmployee</c:path><br>
</source><br>
<expression><br>
<value><br>
<targetRef
oid="cdbe899a-527b-4774-accc-8d1a7f000000"
type="c:RoleType"/><br>
</value><br>
</expression><br>
<target><br>
<c:path>assignment</c:path><br>
</target><br>
<condition><br>
<script xmlns:xsi="<a
href="http://www.w3.org/2001/XMLSchema-instance"
moz-do-not-send="true">http://www.w3.org/2001/XMLSchema-instance</a>"<br>
xsi:type="c:ScriptExpressionEvaluatorType"><br>
<code>employeeType =='Agent'
&& formerEmployee == 'false'</code><br>
</script><br>
</condition><br>
</mapping><br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 10 January 2018 at 16:33, Martin
Lízner - AMI Praha a.s. <span dir="ltr"><<a
href="mailto:martin.lizner@ami.cz" target="_blank"
moz-do-not-send="true">martin.lizner@ami.cz</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi, try using strength=strong for your object
template mappings. Should do for most cases. Default is
strength=normal, which triggers mapping only when mapping
sources are changed. M.</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="m_8666095771526512850gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<table
style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important">
<tbody>
<tr
style="padding:0px;margin:0px;border:0px
solid gray!important">
<td colspan="2"
style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;border:0px
solid gray!important">
<p><span
style="font-size:14px;font-weight:bold">Martin
Lízner</span><br>
solution architect<br>
<br>
gsm: <a
href="tel:+420%20737%20745%20571"
value="+420737745571"
target="_blank"
moz-do-not-send="true">[+420]
737 745 571</a><br>
e-mail: <a
href="mailto:martin.lizner@ami.cz"
target="_blank"
moz-do-not-send="true">martin.lizner@ami.cz</a></p>
</td>
<td
style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important"> </td>
<td
style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px
solid gray!important"> </td>
<td
style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;vertical-align:bottom;padding:0px;border:0px
solid gray!important">
<p>AMI Praha a.s.<br>
Pláničkova 11<br>
162 00 Praha 6<br>
tel.: <a
href="tel:+420%20274%20783%20239"
value="+420274783239"
target="_blank"
moz-do-not-send="true">[+420]
274 783 239</a><br>
web: <a
href="http://www.ami.cz/"
target="_blank"
moz-do-not-send="true">www.ami.cz</a></p>
</td>
<td
style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;border-right-width:1px;border-right-style:solid;border-right-color:rgb(204,204,204);padding:0px;border-top-width:0px!important;border-bottom-width:0px!important;border-left-width:0px!important;border-top-style:solid!important;border-bottom-style:solid!important;border-left-style:solid!important;border-top-color:gray!important;border-bottom-color:gray!important;border-left-color:gray!important"> </td>
<td
style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px
solid gray!important"> </td>
<td
style="color:rgb(0,0,0);font-family:Arial,sans-serif;font-size:11px;margin:8px;border:0px
solid gray!important">
<p><img
src="http://www.ami.cz/images/podpis/ami_logo.gif"
alt="" style="border:0px"
moz-do-not-send="true"></p>
</td>
</tr>
<tr
style="padding:0px;margin:0px;border:0px
solid gray!important">
<td colspan="8"
style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;border:0px
solid gray!important"><br>
</td>
</tr>
<tr
style="padding:0px;margin:0px;border:0px
solid gray!important">
<td colspan="8"
style="color:rgb(128,128,128);font-family:Arial,sans-serif;font-size:11px;padding:0px;border:0px
solid gray!important">
<table
style="font-family:Verdana,Arial,Helvetica,sans-serif;border-collapse:collapse;padding:0px;margin:0px;border-width:0px!important;border-style:solid!important;width:482px!important">
<tbody>
<tr
style="padding:0px;margin:0px;border:0px
solid gray!important">
<td colspan="7"
style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:10px;padding:0px;width:480px;border:0px
solid gray!important"><br>
<a
href="http://www.skyidentity.com/"
target="_blank"
moz-do-not-send="true"><img
src="http://www.ami.cz/images/podpis/AMI-podpis-Sky.png" alt="AMI Praha
a.s."
style="border:0px;width:480px!important;height:82px!important"
moz-do-not-send="true"></a></td>
</tr>
<tr
style="padding:0px;margin:0px;border:0px
solid gray!important">
<td colspan="7"
style="font-family:Arial,sans-serif;padding:0px;border:0px
solid gray!important"><br>
</td>
</tr>
</tbody>
</table>
Textem tohoto e-mailu
podepisující neslibuje uzavřít
ani neuzavírá za společnost
AMI Praha a.s.<br>
jakoukoliv smlouvu. Každá
smlouva, pokud bude uzavřena,
musí mít výhradně písemnou
formu.</td>
</tr>
</tbody>
</table>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div>
<div class="h5">2018-01-08 15:49 GMT+01:00 Oleksandr
Nekriach <span dir="ltr"><<a
href="mailto:o.nekriach@dynatech.lv"
target="_blank" moz-do-not-send="true">o.nekriach@dynatech.lv</a>></span>:<br>
</div>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div class="h5">Hi guys,<br>
Please answer me whether there is a way to
recalculate all the<br>
attributes and assignments that are assigned to
users according to its<br>
ObjectTemplate. Or the principle of Relativity can
not be bypassed.<br>
Example:<br>
We have ObjectTemplate wich is applied during
reconciliation. This<br>
ObjectTemplate assigns roles to the users. But
after some time I have<br>
found that the IDM administrators (Help Desk
guys) made some changes.<br>
And I'm not sure whether all users have those
assignments that were<br>
automatically calculated according to
ObjectTemplates or there is<br>
something superfluous. And I would like to remove
this unnecessary<br>
assignments automatically.<br>
<br>
--<br>
Best regards,<br>
<br>
Oleksandr Nekriach | Identity and access
management engineer<br>
<br>
Dynatech, Mednieku str. 4a, Riga, LV-1010, Latvia<br>
<br>
<a href="tel:%2B37125314685" value="+37125314685"
target="_blank" moz-do-not-send="true">+37125314685</a><br>
,<br>
<a href="mailto:o.nekriach@dynatech.lv"
target="_blank" moz-do-not-send="true">o.nekriach@dynatech.lv</a><br>
|<br>
<a href="http://www.dynatech.lv" rel="noreferrer"
target="_blank" moz-do-not-send="true">www.dynatech.lv</a><br>
<br>
<br>
<br>
<br>
Stay connected:<br>
<br>
<br>
Confidentiality Notice: This message contains
confidential information<br>
and is intended only for the named recipient(s).
If you are not the<br>
addressee you may not copy, distribute or perform
any other activities<br>
with this information. If you have received this
transmission in<br>
error, please notify us by e-mail immediately.
E-mail transmission<br>
cannot be guaranteed to be secure or error-free as
information could<br>
be intercepted, corrupted, lost, destroyed, arrive
late or incomplete,<br>
or contain viruses.<br>
</div>
</div>
______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com"
target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://lists.evolveum.com/mail<wbr>man/listinfo/midpoint</a><br>
</blockquote>
</div>
<br>
</div>
<br>
______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com"
moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div class="gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr"><span style="color:#4c4c4c">Best regards, <br>
<br>
Oleksandr Nekriach | Identity and access management
engineer <br>
<br>
Dynatech, Mednieku str. 4a, Riga, LV-1010, Latvia <br>
<br>
<div style="display:inline-block"><a
href="tel:+371%2025%20314%20685"
value="+37125314685" target="_blank"
moz-do-not-send="true">+37125314685</a></div>
,
<div style="display:inline-block"><a
href="mailto:o.nekriach@dynatech.lv"
target="_blank" moz-do-not-send="true">o.nekriach@dynatech.lv</a></div>
|
<div style="display:inline-block"><a
href="http://www.dynatech.lv" target="_blank"
moz-do-not-send="true">www.dynatech.lv</a></div>
<br>
<br>
<img src="cid:part21.D799C2BE.39DFD6BE@evolveum.com"
class=""> <br>
<br>
Stay connected: <br>
<div style="display:inline-block;margin:5px 5px 0 0"><a
href="https://www.facebook.com/DynatechLatvia/?ref=br_rs"
target="_blank" moz-do-not-send="true"><img
src="cid:part22.8ECCFBA9.24A13946@evolveum.com"
class=""></a></div>
<div style="display:inline-block;margin:5px 0 0 0"><a
href="https://www.linkedin.com/company-beta/17893047/" target="_blank"
moz-do-not-send="true"><img
src="cid:part24.AFBF8DC1.8E4F439E@evolveum.com"
class=""></a></div>
<br>
<br>
<span style="font-size:11px;color:#a1a1a1">Confidentiality
Notice: This message contains confidential
information and is intended only for the named
recipient(s). If you are not the addressee you may
not copy, distribute or perform any other activities
with this information. If you have received this
transmission in error, please notify us by e-mail
immediately. E-mail transmission cannot be
guaranteed to be secure or error-free as information
could be intercepted, corrupted, lost, destroyed,
arrive late or incomplete, or contain viruses.</span></span></div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
</body>
</html>