<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Hi Rainer,</p>
    <p>just a stupid question: the role was assigned manually or by
      object template?</p>
    <p>Isn't there perhaps still a mapping that assigns it back?</p>
    <p>I think you can test it from Role - Members and try to unassign
      the role from your member there. If the behaviour is the same,
      maybe midpoint just keeps assigning the role...<br>
    </p>
    <p>Best regards,</p>
    <p>Ivan<br>
    </p>
    <div class="moz-cite-prefix">On 17. 1. 2020 13:12, Rainer Herbst
      wrote:<br>
    </div>
    <blockquote type="cite" cite="mid:ximss-9428411@communigate2.aip.de">Dear
      all,
      <br>
      <br>
      again, I am bouncing with my head against a wall and fill so
      thumb... ;-)
      <br>
      <br>
      Simple use case - unassociate all Users with the role staff
      (Mitarbeiter) from that role.
      <br>
      <br>
      In the users, the role is assigned:
      <br>
        <assignment id="32">
      <br>
        <metadata>...</metadata>
      <br>
        <targetRef oid="9f154c7e-ac7d-4d26-b715-58840e807fea"
      relation="org:default" type="c:RoleType">
      <br>
        <!-- Mitarbeiter -->
      <br>
        </targetRef>
      <br>
        <activation>
      <br>
       
      <administrativeStatus>disabled</administrativeStatus>
      <br>
        <effectiveStatus>disabled</effectiveStatus>
      <br>
        </activation>
      <br>
        </assignment>
      <br>
      <br>
      I wrote a task that should delete this association. Actually, I
      took a lot from the examle
      <br>
<a class="moz-txt-link-freetext" href="https://github.com/Evolveum/midpoint-samples/blob/a5152f69de6e33949eaceb3889abc9edc0f506ea/samples/tasks/bulk-actions/modify-selected-users-unassign-role.xml">https://github.com/Evolveum/midpoint-samples/blob/a5152f69de6e33949eaceb3889abc9edc0f506ea/samples/tasks/bulk-actions/modify-selected-users-unassign-role.xml</a>:
      <br>
      <br>
      <objects
      xmlns=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a>
      <br>
       
      xmlns:c=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">"http://midpoint.evolveum.com/xml/ns/public/common/common-3"</a>
      <br>
        xmlns:q=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/query-3">"http://prism.evolveum.com/xml/ns/public/query-3"</a>
      <br>
        xmlns:t=<a class="moz-txt-link-rfc2396E" href="http://prism.evolveum.com/xml/ns/public/types-3">"http://prism.evolveum.com/xml/ns/public/types-3"</a>
      <br>
        xmlns:xsi=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/XMLSchema-instance">"http://www.w3.org/2001/XMLSchema-instance"</a>
      <br>
       
      xmlns:org=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/common/org-3">"http://midpoint.evolveum.com/xml/ns/public/common/org-3"</a>
      <br>
      <blockquote type="cite">
        <br>
      </blockquote>
      <br>
        <task>
      <br>
        <name>Unassign "Mitarbeiter" role from all
      users</name>
      <br>
           <extension>
      <br>
        <scext:executeScript
xmlns:scext=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3">"http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3"</a>><br>
        <s:search
xmlns:s=<a class="moz-txt-link-rfc2396E" href="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3">"http://midpoint.evolveum.com/xml/ns/public/model/scripting-3"</a>><br>
        <s:type>c:UserType</s:type>
      <br>
        <s:searchFilter>
      <br>
        <q:ref>
      <br>
        <q:path>assignment/targetRef</q:path>
      <br>
        <q:value oid="9f154c7e-ac7d-4d26-b715-58840e807fea"/>
      <br>
        </q:ref>
      <br>
        </s:searchFilter>
      <br>
        <s:action>
      <br>
        <s:type>modify</s:type>
      <br>
        <s:parameter>
      <br>
        <s:name>delta</s:name>
      <br>
        <c:value xsi:type="t:ObjectDeltaType">
      <br>
        <t:changeType>modify</t:changeType>  <!-- this is
      the default, can be omitted -->
      <br>
        <!-- objectType and oid are taken from the object being
      modified -->
      <br>
        <t:itemDelta>
      <br>
        <t:modificationType>delete</t:modificationType>
      <br>
        <t:path>c:assignment</t:path>
      <br>
        <t:value>
      <br>
        <c:targetRef oid="9f154c7e-ac7d-4d26-b715-58840e807fea"
      relation="org:default" type="c:RoleType"/>
      <br>
        </t:value>
      <br>
        </t:itemDelta>
      <br>
        </c:value>
      <br>
        </s:parameter>
      <br>
        </s:action>
      <br>
        </s:search>
      <br>
        </scext:executeScript>
      <br>
           </extension>
      <br>
        <ownerRef oid="00000000-0000-0000-0000-000000000002"/>
      <br>
        <executionStatus>runnable</executionStatus>
      <br>
        <category>BulkActions</category>
      <br>
       
<handlerUri><a class="moz-txt-link-freetext" href="http://midpoint.evolveum.com/xml/ns/public/model/scripting/handler-3">http://midpoint.evolveum.com/xml/ns/public/model/scripting/handler-3</a></handlerUri><br>
        <recurrence>recurring</recurrence>
      <br>
        </task>
      <br>
      </objects>
      <br>
      <br>
      <br>
      In the logs, i see three entries being modified:
      <br>
      2020-01-17 13:00:57,055 [] [midPointScheduler_Worker-4] INFO
      (com.evolveum.midpoint.model.impl.scripting.ExecutionContext):
      Script console message: Modified
      user:321afa6d-c3fe-49a5-836c-bb443ff45434(xxxxx)
      <br>
      2020-01-17 13:00:57,163 [] [midPointScheduler_Worker-4] INFO
      (com.evolveum.midpoint.model.impl.scripting.ExecutionContext):
      Script console message: Modified
      user:59af0f09-5897-4f45-8e41-4e1e0dce37a8(yyyyyy)
      <br>
      2020-01-17 13:00:57,278 [] [midPointScheduler_Worker-4] INFO
      (com.evolveum.midpoint.model.impl.scripting.ExecutionContext):
      Script console message: Modified
      user:b5a0b375-4bc5-4787-8e70-b576ec556022(zzzzzz)
      <br>
      <br>
      But when I check the entries, the Assignment is still in place.
      <br>
      <br>
      So what do I miss? Many thanks in advance!
      <br>
      <br>
      <br>
      Rainer Herbst
      <br>
      Leiter IT-Service
      <br>
      Phone: +49 331 7499-257
      <br>
      e-mail: <a class="moz-txt-link-abbreviated" href="mailto:rainer.herbst@aip.de">rainer.herbst@aip.de</a>
      <br>
      <a class="moz-txt-link-freetext" href="https://www.aip.de">https://www.aip.de</a>
      <br>
      <br>
-----------------------------------------------------------------------------------------------
      <br>
      Leibniz-Institut für Astrophysik Potsdam (AIP)
      <br>
      An der Sternwarte 16, 14482 Potsdam
      <br>
      <br>
      Vorstand: Prof. Dr. Matthias Steinmetz, Matthias Winker
      <br>
      Stiftung bürgerlichen Rechts
      <br>
      Stiftungsverzeichnis Brandenburg: 26 742-00/7026
      <br>
-----------------------------------------------------------------------------------------------
      <br>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
    </blockquote>
    <pre class="moz-signature" cols="72">-- 
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
  </body>
</html>