MidPoint 3.9 and later
Relation is an important mechanism that is used at many places in midPoint. But perhaps the most important usage is to enable advanced features of RBAC and organizational structure management. Older midPoint versions had hardcoded set of relations that could not be customized. MidPoint version 3.9 introduced partial configuration of relations. Now it is possible to add new relation that will be used by midPoint in addition to hardcoded relations.
The relations are configured in system configuration object:
The configuration above is adding one new relation to the system:
captain. This relation will work in the same way as hardcoded relations, but it will not have any special functionality that is associated with special relations such as
It is recommended to use your own custom namespace for custom relations. Such as the piracy namespace in the example above. End user will not see the namespace at all, it is just an internal mechanism. It is likely that new built-in relations will be introduced in future midPoint versions. Using separate namespaces is a mechanism to avoid identifier conflict in future midPoint versions.
Relation can be sorted into categories categories. Each category determines is which parts of the user interface will be particular relation used. See User Interface Area Categories page for more details.
TODO: changing existing (hardcoded) relations is experimental functionality.
This is a missing or incomplete feature of midPoint and/or of other related components. We are perfectly capable to implement, fix and finish the feature, just the funding for the work is needed. Please consider the possibility for supporting development of this feature by means of midPoint Platform subscription. If you already are midPoint Platform subscriber and this feature is within the goals of your deployment you may be able to use your subscription to endorse implementation of this feature.