[midPoint] - ScriptedSQL connector mishandling inherited roles deletion

Ivan Noris ivan.noris at evolveum.com
Thu Nov 10 15:48:45 CET 2016


Hi Rodrigo,

maybe <tolerant>false</tolerant> for association or your group attribute
(if not using associations) could help...

Ivan


On 11/10/2016 03:33 PM, Rodrigo Yanis wrote:
> Hello everyone,
>
> We're having issues with our ScriptedSQL connector mishandling group
> membership removals when said memberships come from roles that are
> inherited from a higher level role, that is assigned to the user.
>
> When we remove the database role (the one that is linked to the
> resource's meta-role, and represents a database group) from the higher
> level role, and perform a reconciliation on the user, this does not
> remove the group membership of this user in the database. This only
> happens if the database role is assigned directly to the user, and
> then removed.
>
> We've also tried with a recompute task on the user, still with no luck.
>
> Since our role hierarchy does not support this last option, we must
> find a way (either through a task or directly) to remove memberships
> to roles that are no longer induced into the high level role. 
>
> Do you have an idea on how to proceed? 
>
> Thanks for your help
>
> *Rodrigo Yanis.*
> Identicum S.A.
> Jorge Newbery 3226
> Tel: +54 (11) 4824-9971
> ryanis at identicum.com <mailto:ryanis at identicum.com>
> www.identicum.com <http://www.identicum.com/>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com
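
An added illustration of the suggestion above, not part of the original messages and not taken from the poster's resource: where `<tolerant>false</tolerant>` sits in a resource's `schemaHandling`, once on an association and once on a plain group attribute. The object class, intent and attribute names are assumed placeholders, and the `ri:` and `icfs:` prefixes are assumed to be declared on the resource.

```xml
<!-- Added example (constructed). Fragment of a resource's schemaHandling.
     AccountObjectClass, the "group" intent and the attribute names are
     placeholders for whatever the ScriptedSQL schema script exposes. -->
<objectType>
    <kind>account</kind>
    <intent>default</intent>
    <objectClass>ri:AccountObjectClass</objectClass>

    <!-- Variant 1: memberships modelled as an association -->
    <association>
        <ref>ri:group</ref>
        <!-- false: memberships found on the resource that no current
             assignment or inducement produces are removed at reconciliation -->
        <tolerant>false</tolerant>
        <kind>entitlement</kind>
        <intent>group</intent>
        <direction>objectToSubject</direction>
        <associationAttribute>ri:members</associationAttribute>
        <valueAttribute>icfs:name</valueAttribute>
    </association>

    <!-- Variant 2: memberships kept in a multi-valued account attribute
         (use this instead of Variant 1 when not using associations) -->
    <attribute>
        <ref>ri:groups</ref>
        <tolerant>false</tolerant>
    </attribute>
</objectType>
```

With a non-tolerant item, midPoint also removes memberships that were granted directly in the database, so confirm that every membership that should remain is produced by a role before running reconciliation.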
