-
Notifications
You must be signed in to change notification settings - Fork 188
/
role-corp-generic-metarole.xml
90 lines (80 loc) · 3.3 KB
/
role-corp-generic-metarole.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
<!--
~ Copyright (c) 2010-2015 Evolveum
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!--
Explanation for roles structure:
user-assignable roles:
roles of unspecified type
- Visitor
- Customer
roles of type: job
- Contractor
- Employee
- Engineer (induces Employee)
- Manager (induces Employee)
metaroles:
- Generic Metarole: assigned to Visitor and Customer
- Job Metarole (induces Generic Metarole): assigned to Contractor, Employee, Engineer, Manager
Job Metarole ========[I]===========> Generic Metarole
^^ ^ ^ ^
|| | | |
+=========|| | | |
| | +=======|==+===[I]====+ | |
| | | | | | | |
| | | | | V | |
Contractor Engineer Manager Employee Visitor Customer
-->
<role oid="12345678-d34d-b33f-f00d-55555555a020"
xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
<name>Generic Metarole</name>
<description>Metarole for all roles which are assigned directly to users</description>
<inducement id="1">
<construction>
<resourceRef oid="10000000-0000-0000-0000-000000000004" type="ResourceType"/>
<kind>account</kind>
<attribute>
<ref>ri:location</ref>
<outbound>
<source>
<path>$focus/locality</path>
</source>
</outbound>
</attribute>
</construction>
<order>2</order>
</inducement>
<inducement id="2">
<policyRule>
<name>approve-any-corp-role</name>
<policyConstraints>
<!-- applies to all assignment operations of this metarole-bearer as the target -->
<assignment/>
</policyConstraints>
<policyActions>
<approval>
<approverRelation>test-approver</approverRelation>
</approval>
</policyActions>
</policyRule>
</inducement>
<inducement id="3">
<targetRef oid="12345678-d34d-b33f-f00d-55555555aaaa" type="RoleType"/>
<order>2</order>
</inducement>
<inducement id="4">
<targetRef oid="f8f217f2-b864-416b-bce6-90c85385e43e" type="RoleType"/> <!-- metarole-sod-notification -->
</inducement>
</role>