none
FIM XPath and Security Group filter RRS feed

  • Question

  • Hi,

    I'm able to create a SG with a simple xpath filter like this: /Person[(ObjectID = '7fb2b853-24f0-4498-9534-4e10589723c4')]

    Now, I want to crate a SG with a more complex filter like this one:

    /Person[ObjectID = /UserEntityAssociation[EntityRef = /Entity[EntityCode = '100'] and RoleRef=Role[DisplayName = ‘RESP’]]/Manager]

    The Expression I'm using in the filter works on a FIM Webservice defaultClient.Enumerate

    Is this a FIM limitation or a configuration issue?

    I doubt it's a permissions issues because I'm able to change the xpath expression. I just can´t put a more complicated one.

    The error I get on the portal is this:

    Error processing your request: The server was unwilling to perform the requested operation.
    Reason: Unspecified.
    Attributes:
    Correlation Id: e8a666f0-4b7b-4e4d-b64e-3d3e8c7538ad
    Request Id:
    Details: Request could not be dispatched.

    Many thanks,

    DD



    • Edited by DevDiver Tuesday, February 24, 2015 4:54 PM
    Tuesday, February 24, 2015 4:28 PM

Answers

  • In fact, you can only use "ComputedMember"  with object type "Set" or "Group" for that kind of Xpath for the group filter (and only "Set" for the Set filter).

    Regards,


    Sylvain

    • Marked as answer by DevDiver Wednesday, February 25, 2015 3:31 PM
    Wednesday, February 25, 2015 12:56 PM

All replies

  • Hello DevDiver,

    Unfortunately, filter for group and set are restricted by the System. You cannot use an Xpath expression in your Xpath filter. You can only use simple XPath.

    You can find this limitations here

    under the Understanding set limitations section

    Regards,


    Sylvain


    • Edited by Sylvain.c Wednesday, February 25, 2015 8:20 AM edit link
    Tuesday, February 24, 2015 4:45 PM
  • Thanks Sylvain, that's quite helpfull.

    Attention to the link you mentioned, it has some chars at the end invalidating the navigation.

    the link helped me to understand the existing limitations, so I created a set with the desired Objects to work with.

    Althouh, I cannot create a SG with this filter:

    Person[ObjectID = /Set[ObjectID = '203ecb88-8100-4f67-ac84-41067da6acdb']/ComputedMember/Utilizador]

    I can´t even create a set with these:

    /Set[ObjectID = '203ecb88-8100-4f67-ac84-41067da6acdb']/ComputedMember

    These xpath expressions are valid, they work via the webservice enumerate and they are not included in the FIM Service limitations, I think.

    Is there anyway I can make this work?

    Many thanks,

    DD


    • Edited by DevDiver Tuesday, February 24, 2015 8:15 PM
    Tuesday, February 24, 2015 8:12 PM
  • Normally you can use this kind of filter:

    /Person[ObjectID = /Set[ObjectID = '203ecb88-8100-4f67-ac84-41067da6acdb']/ComputedMember]

    Without the last attribute "Utilizador"

    Regards,


    Sylvain

    Wednesday, February 25, 2015 8:22 AM
  • Yes, that did work. I mean the expression was accepted by FIM.

    The Set[ObjectID = '203ecb88-8100-4f67-ac84-41067da6acdb'] gives me a custom Resource. I need to get the "Person" out of it via the "Utilizador" attribute but I can´t figure out how.

    The "Utilizador" attribute is a reference to Person.

    Any idea?

    Many thanks,

    DD


    • Edited by DevDiver Wednesday, February 25, 2015 10:03 AM
    Wednesday, February 25, 2015 9:52 AM
  • I am not sure of what you want to do. You want to get all people that are referenced by the attribute Utilizador of person that are in a specific set?

    If it's that, it's not allowed by filter for group.

    Regards,


    Sylvain

    Wednesday, February 25, 2015 10:22 AM
  • Yes, I want to get all the Persons that are in that specific set.

    The set objects are of a custom resource type and in that custom resource the "Utilizador" attribute is a Person reference.

    I guess that can be not allowed on filtering for groups but I expected it to be allowed for a Set Expression.

    Thanks,

    DD

     
    Wednesday, February 25, 2015 10:32 AM
  • In fact, you can only use "ComputedMember"  with object type "Set" or "Group" for that kind of Xpath for the group filter (and only "Set" for the Set filter).

    Regards,


    Sylvain

    • Marked as answer by DevDiver Wednesday, February 25, 2015 3:31 PM
    Wednesday, February 25, 2015 12:56 PM