[midPoint] - ScriptedSQL connector mishandling inherited roles deletion

Rodrigo Yanis ryanis at identicum.com
Thu Nov 10 18:21:04 CET 2016


Hello Ivan, thanks for your response.

Unfortunately this didn't work. All our association attributes are set to
tolerance=false by default.

Strange thing is, this only happens when reconciling on already assigned
high level roles, not on assignment time.

Any other suggestion?
Thanks again,


*Rodrigo Yanis.*
Identicum S.A.
Jorge Newbery 3226
Tel: +54 (11) 4824-9971
ryanis at identicum.com
www.identicum.com

2016-11-10 9:48 GMT-05:00 Ivan Noris <ivan.noris at evolveum.com>:

> Hi Rodrigo,
>
> maybe <tolerant>false</tolerant> for association or your group attribute
> (if not using associations) could help...
>
> Ivan
>
> On 11/10/2016 03:33 PM, Rodrigo Yanis wrote:
>
> Hello everyone,
>
> We're having issues with our ScriptedSQL connector mishandling group
> membership removals when said memberships come from roles that are
> inherited from a higher level role, that is assigned to the user.
>
> When we remove the database role (the one that is linked to the resource's
> meta-role, and represents a database group) from the higher level role, and
> perform a reconciliation on the user, this does not remove the group
> membership of this user in the database. This only happens if the database
> role is assigned directly to the user, and then removed.
>
> We've also tried with a recompute task on the user, still with no luck.
>
> Since our role hierarchy does not support this last option, we must find a
> way (either through a task or directly) to remove memberships to roles that
> are no longer induced into the high level role.
>
> Do you have an idea on how to proceed?
>
> Thanks for your help
>
> *Rodrigo Yanis.*
> Identicum S.A.
> Jorge Newbery 3226
> Tel: +54 (11) 4824-9971
> ryanis at identicum.com
> www.identicum.com
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
> Ivan Noris
> Senior Identity Engineer
> evolveum.com
>