midPoint
Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

MidPoint 3.7 and later

This feature is available only in midPoint 3.7 and later. Partial implementation by using object template was available since midPoint 3.2.

Introduction

There are many ways how to assign roles, orgs and services. Many roles are assigned using a manual or partially-manual process. But there is almost always some degree of automation when at least some roles are assigned to users according to fixed rules. This page describes the mechanism to automatically assign roles in midPoint.

Autoassignment Conditions in Roles

Perhaps the most convenient way to automatically assign a role is to use autoassignment condition in a role:

Autoassignment mapping in a role
<role>
    <name>Intern</name>
    ...
    <autoassign>
        <enabled>true</enabled>
        <focus>
            <mapping>
                <source>
                    <path>employeeType</path>
                </source>
                <condition>
                    <script>
                        <code>employeeType == 'intern'</code>
                    </script>
                </condition>
            </mapping>
        </focus>
    </autoassign>
</role>

The role above will be automatically assigned to any user that has property employeeType set to intern. As all midPoint mapping even this mapping is relativistic. If user becomes an intern (the employeeType property is changed) then the role is automatically assigned. When the user stops being an intern the role is unassigned.

Autoassignment in Object Template

TODO

Roles Within Roles

TODO: inducement

TODO: exclusion and pruning

See Also

  • No labels

Copyright © 2011-2020 Evolveum s.r.o. and Contributors, CC BY-NC-ND