  1. MidPoint
  2. MID-1854

Unassigning role that associates an entitlement (group) with the user does not remove the association (group) from the user


Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • 3.0 (Newton)
    • 3.0 (Newton)

    Description

      Role has inducement+construction and associationTargetSearch.
      Assigning the role to the user will associate (=assign) the group on the target system (AD).
      Unassigning the role from the user will keep the group associated - the user is still a member of the role.

      Resource is configured to "disable instead of delete".

      TRACE for model:

      . . .
            Account executed deltas:
              [
                LensObjectDeltaOperation
                  Delta:
                    ObjectDelta<ShadowType>(ShadowType:879fbbfa-8560-4ec4-acd2-ad4b9fdb9ba9,MODIFY):
                      association
                        DELETE:
                          id=null
                            name: {http://midpoint.evolveum.com/xml/ns/public/resource/instance-2}adGroups
                            shadowRef: oid=6d142d2b-2ea5-43cc-bb39-97b1b4c65bb2(ShadowType)
                            identifiers: 
                                uid: <GUID=ffe3f25b65f72f419461d3bc530fd6fa>
                                name: 
                                  CN=TestGroup1,................
                      metadata/modifyChannel
                        REPLACE: http://midpoint.evolveum.com/xml/ns/public/gui/channels-2#user
                      metadata/modifyTimestamp
                        REPLACE: 2014-04-22T16:30:44.192+02:00
                      metadata/modifierRef
                        REPLACE: oid=00000000-0000-0000-0000-000000000002
                  Execution result:
                                  *op* com.evolveum.midpoint.model.lens.ChangeExecutor.executeDelta, st: SUCCESS, msg: null
      . . .
                                              [p]options=com.evolveum.midpoint.provisioning.api.ProvisioningOperationOptions@343be2fd
                                              [c]implementationClass=com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl
                                          *op* com.evolveum.midpoint.provisioning.ucf.api.ConnectorInstance.modifyObject, st: SUCCESS, msg: null
                                                  [p]identifiers=[RA({.../connector/icf-1/resource-schema-2}uid):[PPV(String:<GUID=ffe3f25b65f72f419461d3bc530fd6fa>)],RA({.../connector/icf-1/resource-schema-2}name):[PPV(String:CN=TestGroup1,............)]]
                                                  [p]objectClass=rOCD ({http://midpoint.evolveum.com/xml/ns/public/resource/instance-2}CustomGroupObjectClass)
                                                  [p]changes=[com.evolveum.midpoint.provisioning.ucf.api.PropertyModificationOperation@4d25a95d]
                                              *op* org.identityconnectors.framework.api.ConnectorFacade.update, st: SUCCESS, msg: null
                                                      [p]uid=<GUID=ffe3f25b65f72f419461d3bc530fd6fa>
                                                      [p]objectClass=rOCD ({http://midpoint.evolveum.com/xml/ns/public/resource/instance-2}CustomGroupObjectClass)
                                                      [p]attributes=[]
                                                      [p]options=OperationOptions: {}
                                                      [c]connector=org.identityconnectors.framework.impl.api.remote.RemoteConnectorFacadeImpl
                                              *op* org.identityconnectors.framework.api.ConnectorFacade.update, st: SUCCESS, msg: null
                                                      [p]uid=<GUID=ffe3f25b65f72f419461d3bc530fd6fa>
                                                      [p]objectClass=rOCD ({http://midpoint.evolveum.com/xml/ns/public/resource/instance-2}CustomGroupObjectClass)
                                                      [p]attributes=[Attribute: {Name=member, Value=[cn=tf1.pinta,ou=testovacia firma x1,ou=users,...........]}]
                                                      [p]options=OperationOptions: {}
                                                      [c]connector=org.identityconnectors.framework.impl.api.remote.RemoteConnectorFacadeImpl
      . . .
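
A check for the failure reported above: after roles are unassigned, read group membership back from the resource and flag memberships that no remaining role justifies. This is an added example, not code from midPoint or from the reporter; the function names, input shapes, role name and all DNs except the `TestGroup1` CN are constructed assumptions. DNs are compared case-insensitively because the trace shows the member value in lower case.

```python
import re

def normalize_dn(dn):
    # Case-fold and trim a DN so values read from different sources compare equal.
    # Simplified assumption: splits on unescaped commas only.
    parts = [p.strip() for p in re.split(r"(?<!\\),", dn)]
    return ",".join(re.sub(r"\s*=\s*", "=", p, count=1).casefold() for p in parts)

def expected_groups(user_roles, role_groups):
    """Groups each user should hold, derived from the roles still assigned."""
    return {
        normalize_dn(u): {normalize_dn(g) for r in roles for g in role_groups.get(r, ())}
        for u, roles in user_roles.items()
    }

def orphaned_memberships(user_roles, role_groups, actual_members):
    """Return sorted (user, group) pairs found on the resource with no justifying role."""
    expected = expected_groups(user_roles, role_groups)
    managed = {normalize_dn(g) for groups in role_groups.values() for g in groups}
    findings = []
    for group, members in actual_members.items():
        g = normalize_dn(group)
        if g not in managed:
            continue  # group is not provisioned through roles, so it is out of scope
        for member in members:
            m = normalize_dn(member)
            if m in expected and g not in expected[m]:
                findings.append((m, g))
    return sorted(findings)

# Constructed sample data: role -> induced groups, user -> roles still assigned,
# and group -> members as read back from the directory.
ROLE_GROUPS = {"ad-test-role": ["CN=TestGroup1,OU=Groups,DC=example,DC=com"]}
USER_ROLES = {
    "CN=alice,OU=Users,DC=example,DC=com": [],              # role was unassigned
    "CN=bob,OU=Users,DC=example,DC=com": ["ad-test-role"],  # role still assigned
}
ACTUAL_MEMBERS = {
    "CN=TestGroup1,OU=Groups,DC=example,DC=com": [
        "cn=alice,ou=users,dc=example,dc=com",  # stale membership, lower case as in the trace
        "cn=bob,ou=users,dc=example,dc=com",
    ],
    "CN=Unmanaged,OU=Groups,DC=example,DC=com": ["cn=alice,ou=users,dc=example,dc=com"],
}

if __name__ == "__main__":
    for user, group in orphaned_memberships(USER_ROLES, ROLE_GROUPS, ACTUAL_MEMBERS):
        print(f"ORPHANED: {user} is still a member of {group}")
```

Users that appear in a group but are unknown to the identity manager are skipped here; they are a separate finding.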
      

          People

            vix Ivan Noris