[midPoint] - SciptedSQL connector misshandling inherited roles deletion
Rodrigo Yanis
ryanis at identicum.com
Thu Nov 10 15:33:34 CET 2016
Hello everyone,
We're having issues with our ScriptedSQL connector misshandling group
membership removals when said memberships come from roles that are
inherited from a higher level role, that is assigned to the user.
When we remove the database role (the one that is linked to the resource's
meta-role, and represents a database group) from the higher level role, and
perform a reconciliation on the user, this does not remove the group
membership of this user in the database. This only happens if the database
role is assigned directly to the user, and then removed.
We've also tried with a recompute task on the user, still with no luck.
Since our role hierarchy does not support this last option, we must find a
way (either through a task or directly) to remove memberships to roles that
are no longer induced into the high level role.
Do you have an idea on how to proceed?
Thanks for your help
*Rodrigo Yanis.*
Identicum S.A.
Jorge Newbery 3226
Tel: +54 (11) 4824-9971
ryanis at identicum.com
www.identicum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161110/a398c7ef/attachment.htm>
More information about the midPoint
mailing list