<div dir="ltr">I understood how to select which account intent to use when applying roles using a metarole. Using the assignment attribute "subtype" as a parameter, we can tell our meta-role which account we want to apply a role to. Subtype can be set in the UI in the assignment or in the business role XML. <div><br><div style="background-color:rgb(30,31,34);color:rgb(188,190,196)"><pre style="font-family:'JetBrains Mono',monospace;font-size:9.8pt">
<role>
    <name>meta</name>
    <inducement>
        <construction>
            <resourceRef oid="746ecf5e-3e8c-11e6-b2f9-3c970e44b9e2" relation="org:default" type="c:ResourceType"/>
            <kind>account</kind>
            <intent>default</intent>
            <association>
                <ref>ri:group</ref>
                <outbound>
                    <authoritative>true</authoritative>
                    <expression>
                        <associationFromLink>
                            <projectionDiscriminator xsi:type="c:ShadowDiscriminatorType">
                                <kind>entitlement</kind>
                                <intent>group</intent>
                            </projectionDiscriminator>
                        </associationFromLink>
                    </expression>
                </outbound>
            </association>
        </construction>
        <order>2</order>
        <focusType>UserType</focusType>
        <condition>
            <expression>
                <script>
                    <code>
                        import com.evolveum.midpoint.model.api.context.AssignmentPathSegment
                        import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType

                        AssignmentType a = ((AssignmentPathSegment) assignmentPath.beforeLast(2)).getAssignment()

                        // Use the "default" intent when the subtype is empty or contains "default"
                        return basic.isEmpty(a.getSubtype()) || basic.contains(a.getSubtype(), "default")
                    </code>
                </script>
            </expression>
        </condition>
    </inducement>
    <inducement>
        <construction>
            <resourceRef oid="746ecf5e-3e8c-11e6-b2f9-3c970e44b9e2" relation="org:default" type="c:ResourceType"/>
            <kind>account</kind>
            <intent>admin</intent>
            <association>
                <ref>ri:group</ref>
                <outbound>
                    <authoritative>true</authoritative>
                    <expression>
                        <associationFromLink>
                            <projectionDiscriminator xsi:type="c:ShadowDiscriminatorType">
                                <kind>entitlement</kind>
                                <intent>group</intent>
                            </projectionDiscriminator>
                        </associationFromLink>
                    </expression>
                </outbound>
            </association>
        </construction>
        <order>2</order>
        <focusType>UserType</focusType>
        <condition>
            <expression>
                <script>
                    <code>
                        import com.evolveum.midpoint.model.api.context.AssignmentPathSegment
                        import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType

                        AssignmentType a = ((AssignmentPathSegment) assignmentPath.beforeLast(2)).getAssignment()

                        // Use the "admin" intent only when the subtype is set and contains "admin"
                        return !basic.isEmpty(a.getSubtype()) &amp;&amp; basic.contains(a.getSubtype(), "admin")
                    </code>
                </script>
            </expression>
        </condition>
    </inducement>
</role>
</pre><pre style="font-family:'JetBrains Mono',monospace;font-size:9.8pt">
<role>
    <name>business</name>
    <inducement>
        <documentation>target below is a group role managed by metarole</documentation>
        <subtype>admin</subtype>
        <targetRef oid="3ed7ec5c-6bf6-4eaa-b214-afb83bfb7d03" relation="org:default" type="c:RoleType"/>
        <focusType>c:UserType</focusType>
    </inducement>
</role>
</pre></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 12 Apr 2024 at 13:45, Yakov Revyakin <<a href="mailto:yrevyakin@gmail.com" target="_blank">yrevyakin@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>I have AD group roles - the name of the role is equal to the group name and the role has the group shadow linked.<br>I am able to assign this role to a user using the standard metarole approach resulting in appropriate association and membership. This works excellently if there is a single account object type intent.
The metarole knows which intent to consider.<br>I'd like to be able to associate AD accounts of different intents with those groups. </div><div>Have you any idea how to implement this? Probably something like an intermediate role which knows what intent to use...</div><div>Thanks,</div><div>Yakov <br></div></div>
</blockquote></div>
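<div>An added example, not part of the original message or of midPoint: a small check that lists business-role inducements whose subtype is tested by no metarole condition, so a mistyped subtype is caught before it silently selects no account intent. The sample XML is constructed and trimmed from the roles above, the OIDs are placeholders, and it assumes <code>basic.contains</code> matches subtype values exactly and case-sensitively.</div>

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples, trimmed from the roles in the message (associations omitted).
META = """<role><name>meta</name>
  <inducement><construction><kind>account</kind><intent>default</intent></construction>
    <condition><expression><script><code>
      return basic.isEmpty(a.getSubtype()) || basic.contains(a.getSubtype(), "default")
    </code></script></expression></condition></inducement>
  <inducement><construction><kind>account</kind><intent>admin</intent></construction>
    <condition><expression><script><code>
      return !basic.isEmpty(a.getSubtype()) &amp;&amp; basic.contains(a.getSubtype(), "admin")
    </code></script></expression></condition></inducement>
</role>"""
BUSINESS = """<role><name>business</name>
  <inducement><subtype>admin</subtype><targetRef oid="group-role-1"/></inducement>
  <inducement><subtype>Admin</subtype><targetRef oid="group-role-2"/></inducement>
  <inducement><targetRef oid="group-role-3"/></inducement>
</role>"""

# String literal that a condition script compares against the assignment subtype.
LITERAL = re.compile(r'basic\.contains\(\s*a\.getSubtype\(\)\s*,\s*"([^"]+)"\s*\)')

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace, if any

def children(elem, name):
    return [c for c in elem if local(c.tag) == name]

def handled_subtypes(meta_xml):
    """Map each subtype literal to the account intent of the inducement testing it."""
    out = {}
    for ind in children(ET.fromstring(meta_xml), "inducement"):
        intent = next((i.text for c in children(ind, "construction")
                       for i in children(c, "intent")), None)
        code = " ".join(e.text or "" for e in ind.iter() if local(e.tag) == "code")
        for lit in LITERAL.findall(code):
            out[lit] = intent
    return out

def unhandled_inducements(meta_xml, business_xml):
    """Return (targetRef oid, subtype) pairs that no metarole condition mentions."""
    known = handled_subtypes(meta_xml)
    findings = []
    for ind in children(ET.fromstring(business_xml), "inducement"):
        oid = next((t.get("oid") for t in children(ind, "targetRef")), None)
        for st in children(ind, "subtype"):
            value = (st.text or "").strip()
            if value and value not in known:  # empty subtype falls to "default"
                findings.append((oid, value))
    return findings
```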