<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi Nicolas,</p>
<p>I have no example (nor experience) with Rest connector; maybe
someone else has.</p>
<p>Regarding for the issue in reference
(<a class="moz-txt-link-freetext" href="https://jira.evolveum.com/browse/MID-3515">https://jira.evolveum.com/browse/MID-3515</a>). It is marked as New
feature with "subscription needed". The best way is to have
Platform subscription for the project.</p>
<p>All the possible ways are described in
<a class="moz-txt-link-freetext" href="https://wiki.evolveum.com/display/midPoint/I+Need+New+Feature">https://wiki.evolveum.com/display/midPoint/I+Need+New+Feature</a> and
<a class="moz-txt-link-freetext" href="https://wiki.evolveum.com/display/midPoint/Subscriptions+and+Sponsoring">https://wiki.evolveum.com/display/midPoint/Subscriptions+and+Sponsoring</a></p>
<p>Best regards,</p>
<p>Ivan<br>
</p>
<br>
<div class="moz-cite-prefix">On 29.06.2018 19:09, Nicolas Rossi
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAAxX8cgaH90hYLzzw6dbnNrGA3Xdk0MvNNh11S4vbVH1v_Y+8A@mail.gmail.com">
<div dir="ltr">
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:#444444">Hi
Ivan, we found the assignment properties and we also extended
the AssignmentType for other project but we don't know how to
specify in a role definition that a property on the assignment
is mandatory. Is there any way to do that ?</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:#444444"><br>
</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:#444444">On
the other hand we are working on a Rest Connector and I
couldn't find any example to access the assignment parameters
when provisioning the role to the resource.</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:#444444"><br>
</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:#444444">Regarding
the issue at Jira, what does Evolveum need to continue the
development? Maybe we can find some support from our customers
to achieve that. </div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:#444444"><br>
</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:#444444">Kind
regards,</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:#444444"><br>
</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:#444444"><br>
</div>
<div>
<div dir="ltr" class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr"><font
face="arial, helvetica,
sans-serif"><br>
<br>
<font color="#444444">Ing
Nicolás Rossi</font><br>
<font color="#999999">Identicum
S.A.</font><br>
<font color="#999999">Jorge
Newbery 3226</font><br>
<font color="#999999">Tel:
+54 (11) 4552-3050</font><br>
<font color="#999999"><a
href="http://www.identicum.com"
target="_blank"
moz-do-not-send="true">www.identicum.com</a></font></font><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Fri, Jun 29, 2018 at 4:03 AM Ivan Noris <<a
href="mailto:ivan.noris@evolveum.com" moz-do-not-send="true">ivan.noris@evolveum.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Hi Nicolas,</p>
<p>when I was working with parametric roles, I was using an
approach which I described here: <a
class="m_4974245802337387919moz-txt-link-freetext"
href="https://evolveum.com/blog/working-multi-tenant-roles/"
target="_blank" moz-do-not-send="true">https://evolveum.com/blog/working-multi-tenant-roles/</a></p>
<p>(The screenshots are from old midpoint :-) but you should
get the message.)</p>
<p>By default you can assign roles with parameters: orgRef
or tenantRef:</p>
<p>- orgRef: you select (probably any) of the organizations
in midPoint to be the parameter</p>
<p>- tenantRef: you select any organization marked as tenant
in midPoint to be the parameter</p>
<p>This might help you as it is (we were / are using this in
multiple deployments).<br>
</p>
<p>What we definitely want is to make this more configurable
and extensible. But I'm sure Radovan will prove more on
this topic.<br>
</p>
<p>I believe the feature is tracked here: <a
class="m_4974245802337387919moz-txt-link-freetext"
href="https://jira.evolveum.com/browse/MID-3515"
target="_blank" moz-do-not-send="true">https://jira.evolveum.com/browse/MID-3515</a><br>
</p>
Best regards,<br>
Ivan<br>
<br>
<div class="m_4974245802337387919moz-cite-prefix">On
29.06.2018 00:11, Nicolas Rossi wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">Hi
guys, </div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)"><br>
</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">We
are working on a customer who needs to define some
roles with parameters to prevent role explosion
scenario. I have found lot of references to this issue
on the wiki (<a
href="https://wiki.evolveum.com/display/midPoint/Role+Explosion"
target="_blank" moz-do-not-send="true">here</a>, <a
href="https://wiki.evolveum.com/display/midPoint/Advanced+Hybrid+RBAC#AdvancedHybridRBAC-ParametricRoles"
target="_blank" moz-do-not-send="true">here</a> and
<a
href="https://wiki.evolveum.com/display/midPoint/Assignment+Configuration#AssignmentConfiguration-ParametricAssignments"
target="_blank" moz-do-not-send="true">here</a>).
There were also <a
href="https://lists.evolveum.com/pipermail/midpoint/2013-July/000096.html"
target="_blank" moz-do-not-send="true">similar
question</a>s on the mailing list few years ago
where Radovan explains that is was designed but not
implemented.</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)"><br>
</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">Regarding
the Radovan explanation I am not sure if we should
extend the AssociationType to add custom parameters or
if we should define role parameters (couldn't find any
example on the documentation).</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)"><br>
</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">On
the UI when and end-user request a new role, he can
define properties on the assignment (parameters) for
each role, but... is there any way to define that some
properties / parameters are required so the user can't
request the role without specifying some value for
that parameter ?</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)"><br>
</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">I
apologize in advance for the lengthy e-mail</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)"><br>
</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(68,68,68)">Thanks,</div>
<div>
<div dir="ltr"
class="m_4974245802337387919gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr"><font
face="arial,
helvetica,
sans-serif"><br>
<br>
<font
color="#444444">Ing
Nicolás Rossi</font><br>
<font
color="#999999">Identicum
S.A.</font><br>
<font
color="#999999">Jorge
Newbery 3226</font><br>
<font
color="#999999">Tel:
+54 (11) 4552-3050</font><br>
<font
color="#999999"><a
href="http://www.identicum.com" target="_blank" moz-do-not-send="true">www.identicum.com</a></font></font><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset
class="m_4974245802337387919mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a class="m_4974245802337387919moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a>
<a class="m_4974245802337387919moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank" moz-do-not-send="true">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="m_4974245802337387919moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com" target="_blank" moz-do-not-send="true">evolveum.com</a>
</pre>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank"
moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote>
</div>
<!--'"--><br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
</body>
</html>