<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:Helvetica;
        panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Verdana;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
        {font-family:"Fira Code";}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML Vorformatiert Zchn";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";}
span.HTMLVorformatiertZchn
        {mso-style-name:"HTML Vorformatiert Zchn";
        mso-style-priority:99;
        mso-style-link:"HTML Vorformatiert";
        font-family:Consolas;}
span.apple-tab-span
        {mso-style-name:apple-tab-span;}
span.E-MailFormatvorlage21
        {mso-style-type:personal-reply;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
        {page:WordSection1;}
--></style>
</head>
<body lang="DE-CH" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Hi,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">Thank you very much for this piece of code.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">I have a Role that is assigned to every active employee and a role that is assigned to every inactive employee.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">I have assigned this policyRule to the role for active employees and now, whenever this role gets deleted, all roles except the one for inactive employees will be unassigned.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">Perfect way to solve this problem.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">Thank you again. Best regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">Patrik<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="DE">From:</span></b><span lang="DE"> Alcides Moraes <alcides.neto@gmail.com>
<br>
<b>Sent:</b> Thursday, 23 March 2023 17:00<br>
<b>To:</b> midPoint General Discussion <midpoint@lists.evolveum.com><br>
<b>Cc:</b> Patrik Sidler <patrik.sidler@itconcepts.ch><br>
<b>Subject:</b> Re: [midPoint] Automatically unassign requested roles when validTo is reached<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hi Patrik,<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">We do something like what you need using a policyRule with scriptExecution policyAction<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><a href="https://docs.evolveum.com/midpoint/reference/roles-policies/policy-rules/">https://docs.evolveum.com/midpoint/reference/roles-policies/policy-rules/</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">It’s a very little documented feature.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">You can have a script executed when an assignment is added and/or deleted.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">You can also have globalPolicies but I never tested these.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Example:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<pre style="background:#2B2B2B"><span style="font-family:"Fira Code";color:#54A857"><</span><span style="font-family:"Fira Code";color:#E8BF6A">assignment id=</span><span style="color:#E8BF6A">"</span><span style="font-family:"Fira Code";color:#E8BF6A">8"</span><span style="font-family:"Fira Code";color:#54A857">><br>    </span><span style="font-family:"Fira Code";color:#359FF4"><</span><span style="font-family:"Fira Code";color:#E8BF6A">policyRule</span><span style="font-family:"Fira Code";color:#359FF4">><br>        </span><span style="font-family:"Fira Code";color:#5060BB"><</span><span style="font-family:"Fira Code";color:#E8BF6A">name</span><span style="font-family:"Fira Code";color:#5060BB">></span><span style="font-family:"Fira Code";color:#A9B7C6">Remove all assignments that are not the archetype</span><span style="font-family:"Fira Code";color:#5060BB"></</span><span style="font-family:"Fira Code";color:#E8BF6A">name</span><span style="font-family:"Fira Code";color:#5060BB">><br>        <</span><span style="font-family:"Fira Code";color:#E8BF6A">policyConstraints</span><span style="font-family:"Fira Code";color:#5060BB">><br>            </span><span style="font-family:"Fira Code";color:#179387"><</span><span style="font-family:"Fira Code";color:#E8BF6A">assignment </span><span style="font-family:"Fira Code";color:#BABABA">id</span><span style="font-family:"Fira Code";color:#6A8759">="9"</span><span style="font-family:"Fira Code";color:#179387">><br>                </span><span style="font-family:"Fira Code";color:#E8BA36"><</span><span style="font-family:"Fira Code";color:#E8BF6A">operation</span><span style="font-family:"Fira Code";color:#E8BA36">></span><span style="font-family:"Fira Code";color:#A9B7C6">add</span><span style="font-family:"Fira Code";color:#E8BA36"></</span><span style="font-family:"Fira Code";color:#E8BF6A">operation</span><span style="font-family:"Fira Code";color:#E8BA36">><br>            </span><span style="font-family:"Fira 
Code";color:#179387"></</span><span style="font-family:"Fira Code";color:#E8BF6A">assignment</span><span style="font-family:"Fira Code";color:#179387">><br>        </span><span style="font-family:"Fira Code";color:#5060BB"></</span><span style="font-family:"Fira Code";color:#E8BF6A">policyConstraints</span><span style="font-family:"Fira Code";color:#5060BB">><br>        <</span><span style="font-family:"Fira Code";color:#E8BF6A">policyActions</span><span style="font-family:"Fira Code";color:#5060BB">><br>            </span><span style="font-family:"Fira Code";color:#179387"><</span><span style="font-family:"Fira Code";color:#E8BF6A">scriptExecution </span><span style="font-family:"Fira Code";color:#BABABA">id</span><span style="font-family:"Fira Code";color:#6A8759">="10"</span><span style="font-family:"Fira Code";color:#179387">><br>                </span><span style="font-family:"Fira Code";color:#E8BA36"><</span><span style="font-family:"Fira Code";color:#E8BF6A">executeScript </span><span style="font-family:"Fira Code";color:#BABABA">xmlns:</span><span style="font-family:"Fira Code";color:#9876AA">s</span><span style="font-family:"Fira Code";color:#6A8759">="<a href="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3">http://midpoint.evolveum.com/xml/ns/public/model/scripting-3</a>"</span><span style="font-family:"Fira Code";color:#E8BA36">><br>                    </span><span style="font-family:"Fira Code";color:#54A857"><</span><span style="font-family:"Fira Code";color:#9876AA">s</span><span style="font-family:"Fira Code";color:#E8BF6A">:pipeline </span><span style="font-family:"Fira Code";color:#BABABA">list</span><span style="font-family:"Fira Code";color:#6A8759">="true"</span><span style="font-family:"Fira Code";color:#54A857">><br>                        </span><span style="font-family:"Fira Code";color:#359FF4"><</span><span style="font-family:"Fira Code";color:#9876AA">s</span><span style="font-family:"Fira 
Code";color:#E8BF6A">:action</span><span style="font-family:"Fira Code";color:#359FF4">><br>                            </span><span style="font-family:"Fira Code";color:#5060BB"><</span><span style="font-family:"Fira Code";color:#9876AA">s</span><span style="font-family:"Fira Code";color:#E8BF6A">:type</span><span style="font-family:"Fira Code";color:#5060BB">></span><span style="font-family:"Fira Code";color:#A9B7C6">execute-script</span><span style="font-family:"Fira Code";color:#5060BB"></</span><span style="font-family:"Fira Code";color:#9876AA">s</span><span style="font-family:"Fira Code";color:#E8BF6A">:type</span><span style="font-family:"Fira Code";color:#5060BB">><br>                            <</span><span style="font-family:"Fira Code";color:#9876AA">s</span><span style="font-family:"Fira Code";color:#E8BF6A">:parameter </span><span style="font-family:"Fira Code";color:#BABABA">xmlns:</span><span style="font-family:"Fira Code";color:#9876AA">qn63</span><span style="font-family:"Fira Code";color:#6A8759">="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>"</span><span style="font-family:"Fira Code";color:#5060BB">><br>                                </span><span style="font-family:"Fira Code";color:#179387"><</span><span style="font-family:"Fira Code";color:#9876AA">s</span><span style="font-family:"Fira Code";color:#E8BF6A">:name</span><span style="font-family:"Fira Code";color:#179387">></span><span style="font-family:"Fira Code";color:#A9B7C6">script</span><span style="font-family:"Fira Code";color:#179387"></</span><span style="font-family:"Fira Code";color:#9876AA">s</span><span style="font-family:"Fira Code";color:#E8BF6A">:name</span><span style="font-family:"Fira Code";color:#179387">><br>                                <</span><span style="font-family:"Fira Code";color:#E8BF6A">value</span><span style="font-family:"Fira Code";color:#179387">><br>                   
                 </span><span style="font-family:"Fira Code";color:#E8BA36"><</span><span style="font-family:"Fira Code";color:#E8BF6A">code</span><span style="font-family:"Fira Code";color:#E8BA36">></span><o:p></o:p></pre>
<pre style="background:#2B2B2B"><span class="apple-tab-span"><span style="font-family:"Fira Code";color:#A9B7C6">                       </span></span><span style="font-family:"Fira Code";color:#A9B7C6">     import com.evolveum.midpoint.xml.ns._public.common.common_3.*<br>                             import com.evolveum.midpoint.prism.delta.builder.*<br>                             import com.evolveum.midpoint.model.api.*<br>                             import static com.evolveum.midpoint.schema.constants.SchemaConstants.C_ORG_TYPE<br>                             import javax.xml.namespace.QName<br><br>                             // Assignments collected here are removed in one delta at the end<br>                             def assignmentsToDelete = []<br>                             // Load the user the script was invoked for (input is the pipeline item)<br>                             user = midpoint.getObject(UserType.class, input.oid)<br>                             for (a in user.assignment) {<br>                                    // Keep the assignment whose target has this OID; queue every other one for removal<br>                                    if (a.targetRef?.oid != "4b05bd96-1704-4ca9-8974-a34f9caebd0c") {<br>                                        // An assignment value carrying only the id is enough to identify it in the delete delta<br>                                        def removeAssignment = new AssignmentType()<br>                                        removeAssignment.id = a.id<br>                                        assignmentsToDelete.add removeAssignment.asPrismContainerValue()<br>                                    }<br>                             }<br>                             if (!assignmentsToDelete.empty) {<br>                                log.info "Assignments to delete: " + assignmentsToDelete<br>                                // Build a single delete delta on the user's assignment container and apply it<br>                                def delta = prismContext.deltaFor(UserType.class).item(UserType.F_ASSIGNMENT).delete(assignmentsToDelete).asObjectDelta(user.oid)<br>                                log.info "Deleting"<br>                                midpoint.modifyObject(delta)<br>                             }</span><o:p></o:p></pre>
<pre style="background:#2B2B2B"><span class="apple-tab-span"><span style="font-family:"Fira Code";color:#E8BA36">                               </span></span><span style="font-family:"Fira Code";color:#E8BA36">  </</span><span style="font-family:"Fira Code";color:#E8BF6A">code</span><span style="font-family:"Fira Code";color:#E8BA36">><br>                                </span><span style="font-family:"Fira Code";color:#179387"></</span><span style="font-family:"Fira Code";color:#E8BF6A">value</span><span style="font-family:"Fira Code";color:#179387">><br>                            </span><span style="font-family:"Fira Code";color:#5060BB"></</span><span style="font-family:"Fira Code";color:#9876AA">s</span><span style="font-family:"Fira Code";color:#E8BF6A">:parameter</span><span style="font-family:"Fira Code";color:#5060BB">><br>                        </span><span style="font-family:"Fira Code";color:#359FF4"></</span><span style="font-family:"Fira Code";color:#9876AA">s</span><span style="font-family:"Fira Code";color:#E8BF6A">:action</span><span style="font-family:"Fira Code";color:#359FF4">><br>                    </span><span style="font-family:"Fira Code";color:#54A857"></</span><span style="font-family:"Fira Code";color:#9876AA">s</span><span style="font-family:"Fira Code";color:#E8BF6A">:pipeline</span><span style="font-family:"Fira Code";color:#54A857">><br>                </span><span style="font-family:"Fira Code";color:#E8BA36"></</span><span style="font-family:"Fira Code";color:#E8BF6A">executeScript</span><span style="font-family:"Fira Code";color:#E8BA36">><br>            </span><span style="font-family:"Fira Code";color:#179387"></</span><span style="font-family:"Fira Code";color:#E8BF6A">scriptExecution</span><span style="font-family:"Fira Code";color:#179387">><br>        </span><span style="font-family:"Fira Code";color:#5060BB"></</span><span style="font-family:"Fira Code";color:#E8BF6A">policyActions</span><span style="font-family:"Fira 
Code";color:#5060BB">><br>    </span><span style="font-family:"Fira Code";color:#359FF4"></</span><span style="font-family:"Fira Code";color:#E8BF6A">policyRule</span><span style="font-family:"Fira Code";color:#359FF4">><br>    <</span><span style="font-family:"Fira Code";color:#E8BF6A">activation</span><span style="font-family:"Fira Code";color:#359FF4">><br>        </span><span style="font-family:"Fira Code";color:#5060BB"><</span><span style="font-family:"Fira Code";color:#E8BF6A">effectiveStatus</span><span style="font-family:"Fira Code";color:#5060BB">></span><span style="font-family:"Fira Code";color:#A9B7C6">enabled</span><span style="font-family:"Fira Code";color:#5060BB"></</span><span style="font-family:"Fira Code";color:#E8BF6A">effectiveStatus</span><span style="font-family:"Fira Code";color:#5060BB">><br>    </span><span style="font-family:"Fira Code";color:#359FF4"></</span><span style="font-family:"Fira Code";color:#E8BF6A">activation</span><span style="font-family:"Fira Code";color:#359FF4">><br></span><span style="font-family:"Fira Code";color:#54A857"></</span><span style="font-family:"Fira Code";color:#E8BF6A">assignment</span><span style="font-family:"Fira Code";color:#54A857">></span><o:p></o:p></pre>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">On 23 Mar 2023, at 12:40, Patrik Sidler via midPoint <<a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>> wrote:<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Hi Community,</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Verdana",sans-serif">I am looking for a way to unassign manually requested Roles from a midPoint user.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Verdana",sans-serif">The unassign should automatically be started when the administrativeStatus of this user changes to disabled (validTo is reached) or when the user is transferred
 from one Organisation to another for example (attribute change).</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Verdana",sans-serif"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Verdana",sans-serif">I know it should be possible to do this with a scheduled bulkAction.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Verdana",sans-serif">But I am really looking for another, easier way to solve this.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Verdana",sans-serif"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Verdana",sans-serif">Thank you in advance for your help</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Verdana",sans-serif"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Verdana",sans-serif">Best regards,</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Verdana",sans-serif">Patrik</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Verdana",sans-serif"> </span><o:p></o:p></p>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</body>
</html>