Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

MidPoint 3.9 and later

Relation is an important mechanism that is used at many places in midPoint. But perhaps the most important usage is to enable advanced features of RBAC and organizational structure management. Older midPoint versions had hardcoded set of relations that could not be customized. MidPoint version 3.9 introduced partial configuration of relations. Now it is possible to add new relation that will be used by midPoint in addition to hardcoded relations.

The relations are configured in system configuration object:

 <systemConfiguration oid="00000000-0000-0000-0000-000000000001"
    xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
    xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
    xmlns:piracy="http://midpoint.evolveum.com/xml/ns/samples/piracy">
    ...
    <roleManagement>
        <relations>
            <relation>
                <ref>piracy:captain</ref>
                <description>This is completely new relation</description>
                <display>
                    <label>Captain</label>
                </display>
                <category>organization</category>
                <category>governance</category>
            </relation>
            <relation>
                <ref>org:owner</ref>
                <description>This is redefined default relation. EXPERIMENTAL</description>
                <display>
                    <label>Master</label>
                </display>
                <category>policy</category>
                <category>governance</category>
            </relation>
        </relations>
    </roleManagement>
</systemConfiguration>

The configuration above is adding one new relation to the system: captain. This relation will work in the same way as hardcoded relations, but it will not have any special functionality that is associated with special relations such as deputy.

It is recommended to use your own custom namespace for custom relations. Such as the piracy namespace in the example above. End user will not see the namespace at all, it is just an internal mechanism. It is likely that new built-in relations will be introduced in future midPoint versions. Using separate namespaces is a mechanism to avoid identifier conflict in future midPoint versions.

Relation can be sorted into categories categories. Each category determines is which parts of the user interface will be particular relation used. See User Interface Area Categories page for more details.

TODO: changing existing (hardcoded) relations is experimental functionality.

Incomplete feature

This is a an incomplete feature of midPoint. We are perfectly capable to implement, fix and finish the feature, just the funding for the work is needed. Please consider the possibility for supporting development of this feature by means of midPoint Platform subscription. If you already are midPoint Platform subscriber and this feature is within the goals of your deployment you may be able to use your subscription to endorse implementation of this feature.

 See Also

  • No labels