<div dir="ltr"><div>Hi Kevin,</div><div><br></div><div>scripted-sql sample is here: <a href="https://github.com/Evolveum/midpoint-samples/tree/master/samples/resources/scriptedsql">https://github.com/Evolveum/midpoint-samples/tree/master/samples/resources/scriptedsql</a></div><div>but if you have only one table with data from HR is easier to use build in database table connector:</div><div><a href="https://docs.evolveum.com/connectors/resources/databasetable">https://docs.evolveum.com/connectors/resources/databasetable</a><br></div><div>Filtering out old data can you do in at least 2 ways:</div><div>1) creating a DB view with where condition to filter out all old data what you never need in midPoint</div><div>2) just using resource synchronization/objectSynchronization/condition </div><div>something like this:</div><div><pre style="background-color:rgb(43,43,43);color:rgb(169,183,198);font-family:"JetBrains Mono",monospace;font-size:9.8pt"><span style="color:rgb(232,191,106)"><condition><br></span><span style="color:rgb(232,191,106)"> <script><br></span><span style="color:rgb(232,191,106)"> <code></span><![CDATA[<span style="background-color:rgb(54,65,53)"><br></span><span style="background-color:rgb(54,65,53)"> import java.text.SimpleDateFormat;<br></span><span style="background-color:rgb(54,65,53)"><br></span><span style="background-color:rgb(54,65,53)"> String strFireDate = basic.getAttributeValue(shadow, '<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>', 'Firedate')<br></span><span style="background-color:rgb(54,65,53)"> if (!basic.isEmpty(strFireDate)) {<br></span><span style="background-color:rgb(54,65,53)"> SimpleDateFormat sdf = new SimpleDateFormat('yyyy-MM-dd')<br></span><span style="background-color:rgb(54,65,53)"> Date dateNow = new Date()<br></span><span style="background-color:rgb(54,65,53)"> Date fireDate = sdf.parse(strFireDate)<br></span><span style="background-color:rgb(54,65,53)"><br></span><span style="background-color:rgb(54,65,53)"> if (fireDate < dateNow) {<br></span><span style="background-color:rgb(54,65,53)"> return false // ignore<br></span><span style="background-color:rgb(54,65,53)"> }<br></span><span style="background-color:rgb(54,65,53)"> }<br></span><span style="background-color:rgb(54,65,53)"><br></span><span style="background-color:rgb(54,65,53)"> return true // import<br></span><span style="background-color:rgb(54,65,53)"><br></span><span style="background-color:rgb(54,65,53)"> </span>]]><span style="color:rgb(232,191,106)"></code><br></span><span style="color:rgb(232,191,106)"> </script><br></span><span style="color:rgb(232,191,106)"></condition></span></pre></div><div><br></div><div>about setting up read only resource you need to set existence to true in schemaHandling/objectType</div><div><pre style="background-color:rgb(43,43,43);color:rgb(169,183,198);font-family:"JetBrains Mono",monospace;font-size:9.8pt"><span style="color:rgb(232,191,106)"><activation><br></span><span style="color:rgb(232,191,106)"> <existence><br></span><span style="color:rgb(232,191,106)"> <outbound><br></span><span style="color:rgb(232,191,106)"> <name></span>HR don't support shadow delete, so never try to delete...<span style="color:rgb(232,191,106)"></name><br></span><span style="color:rgb(232,191,106)"> <strength></span>weak<span style="color:rgb(232,191,106)"></strength><br></span><span style="color:rgb(232,191,106)"> <expression><br></span><span style="color:rgb(232,191,106)"> <value></span>true<span style="color:rgb(232,191,106)"></value><br></span><span style="color:rgb(232,191,106)"> </expression><br></span><span style="color:rgb(232,191,106)"> </outbound><br></span><span style="color:rgb(232,191,106)"> </existence><br></span><span style="color:rgb(232,191,106)"></activation><br></span></pre></div><div>and also setting up configured capabilities:</div><div><pre style="background-color:rgb(43,43,43);color:rgb(169,183,198);font-family:"JetBrains Mono",monospace;font-size:9.8pt"><span style="color:rgb(232,191,106)"><capabilities><br></span><span style="color:rgb(232,191,106)"> <configured </span><span style="color:rgb(186,186,186)">xmlns:</span><span style="color:rgb(152,118,170)">cap</span><span style="color:rgb(106,135,89)">="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3</a>"</span><span style="color:rgb(232,191,106)">><br></span><span style="color:rgb(232,191,106)"> <</span><span style="color:rgb(152,118,170)">cap</span><span style="color:rgb(232,191,106)">:delete><br></span><span style="color:rgb(232,191,106)"> <</span><span style="color:rgb(152,118,170)">cap</span><span style="color:rgb(232,191,106)">:enabled></span>false<span style="color:rgb(232,191,106)"></</span><span style="color:rgb(152,118,170)">cap</span><span style="color:rgb(232,191,106)">:enabled><br></span><span style="color:rgb(232,191,106)"> </</span><span style="color:rgb(152,118,170)">cap</span><span style="color:rgb(232,191,106)">:delete><br></span><span style="color:rgb(232,191,106)"> <</span><span style="color:rgb(152,118,170)">cap</span><span style="color:rgb(232,191,106)">:update><br></span><span style="color:rgb(232,191,106)"> <</span><span style="color:rgb(152,118,170)">cap</span><span style="color:rgb(232,191,106)">:enabled></span>false<span style="color:rgb(232,191,106)"></</span><span style="color:rgb(152,118,170)">cap</span><span style="color:rgb(232,191,106)">:enabled><br></span><span style="color:rgb(232,191,106)"> </</span><span style="color:rgb(152,118,170)">cap</span><span style="color:rgb(232,191,106)">:update><br></span><span style="color:rgb(232,191,106)"> <</span><span style="color:rgb(152,118,170)">cap</span><span style="color:rgb(232,191,106)">:create><br></span><span style="color:rgb(232,191,106)"> <</span><span style="color:rgb(152,118,170)">cap</span><span style="color:rgb(232,191,106)">:enabled></span>false<span style="color:rgb(232,191,106)"></</span><span style="color:rgb(152,118,170)">cap</span><span style="color:rgb(232,191,106)">:enabled><br></span><span style="color:rgb(232,191,106)"> </</span><span style="color:rgb(152,118,170)">cap</span><span style="color:rgb(232,191,106)">:create><br></span><span style="color:rgb(232,191,106)"> </configured><br></span><span style="color:rgb(232,191,106)"></capabilities></span></pre></div><div>+ also use DB user with read only permission only to required tables for security reasons at all.<br></div><div><br></div><div>If you need more help with PoC don't hesitate to contact us...</div><div><br></div><div>Best regards,</div><div><br></div><div>Gustav</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">po 17. 10. 2022 o 20:10 Collins, Kevin via midPoint <<a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>> napísal(a):<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div style="overflow-wrap: break-word;">
Hi everyone,
<div><br>
</div>
<div><br>
</div>
<div>I’ve been working through the MidPoint book and the samples in midPoint 4.4.3 to try answer a couple of problems I’m having putting together a PoC midPoint demo:</div>
<div><br>
</div>
<div>
<ul>
<li>How do I filter inbound data from a (Postgres) db table so that it doesn’t try to import stale data? Simplified use case is that an HR system writes data about staff to a Postgres db table. That data is more or less authoritative for staff. The
db table contains details about every member of staff who is current but also contains details of every staff person it has ever known about. This sounds like an ideal job for a scripted-sql connector but I can’t get that to work at all in midPoint. So I’m
looking at filtering on the inbound data. Unless, of course, anyone has good worked example of a scripted-sql resource that they’d be willing to share…</li><li><br>
</li><li>How do I prevent the Idm from deleting the entire record from the Postgres db table when I delete it in the IDM ? </li></ul>
<div><br>
</div>
<div>The HR people “own” the data in the table except for the username, emailAddress and initial password, which are generated by the Idm and passed back to the table.</div>
<div><br>
</div>
<div>Thanks in advance.</div>
<div><br>
</div>
<div><br>
</div>
<div>-Kev_C</div>
<div>
<div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">
<br>
</div>
<div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">
<br>
-- <br>
Kevin Collins,<br>
Senior Specialist,<br>
Information Services<br>
Heriot-Watt University,<br>
EDINBURGH, EH14 4AS,<br>
Scotland, UK<br>
<br>
For IT support queries or requests, please navigate to <a href="https://hwu.topdesk.net/" target="_blank">
https://hwu.topdesk.net/</a>, <a href="mailto:ishelp@hw.ac.uk" target="_blank">email ishelp@hw.ac.uk</a> or phone ext 4045, with full details of your query or request and your contact details.<br>
<br>
<a href="http://www.hw.ac.uk/is" target="_blank">http://www.hw.ac.uk/is</a><br>
</div>
<div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">
<br>
</div>
<br>
</div>
<br>
</div>
<u></u>
<div align="center">
<hr size="2" width="100%" align="center">
</div>
<p style="font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:8pt;margin:0px">
Founded in 1821, Heriot-Watt is a leader in ideas and solutions. With campuses and students across the entire globe we span the world, delivering innovation and educational excellence in business, engineering, design and the physical, social and life sciences.
This email is generated from the Heriot-Watt University Group, which includes:</p>
<ol style="margin:0px">
<li style="font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:8pt">
Heriot-Watt University, a Scottish charity registered under number SC000278</li><li style="font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:8pt">
Heriot- Watt Services Limited (Oriam), Scotland's national performance centre for sport. Heriot-Watt Services Limited is a private limited company registered is Scotland with registered number SC271030 and registered office at Research & Enterprise Services
Heriot-Watt University, Riccarton, Edinburgh, EH14 4AS.</li></ol>
<p style="font-family:Arial,"Helvetica Neue",Helvetica,sans-serif;font-size:8pt;margin:0px">
The contents (including any attachments) are confidential. If you are not the intended recipient of this e-mail, any disclosure, copying, distribution or use of its contents is strictly prohibited, and you should please notify the sender immediately and then
delete it (including any attachments) from your system.</p>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature">s pozdravom<div><br></div><div>Gustáv Pálos</div></div></div>