[midPoint] Midpoint Concept What is vs. What should be - towards account entitlements

Ivan Noris Ivan.Noris at evolveum.com
Tue Jun 27 17:03:26 CEST 2017 

Hi Daniel, 

I have just reproduced it with recent 3.6 SNAPSHOT and it looks like you've hit a bug. I have created https://jira.evolveum.com/browse/MID-4021 - feel free to add to watchers. Also if there is anything missing in the issue description feel free to update. 

Thank you for reporting! 

Best regards, 
Ivan 

----- Original Message -----

> From: "Daniel Sommer" <Daniel.Sommer at itconcepts.net>
> To: midpoint at lists.evolveum.com
> Sent: Tuesday, June 27, 2017 4:24:57 PM
> Subject: [midPoint] Midpoint Concept What is vs. What should be - towards
> account entitlements

> Hello,

> we have connected Midpoint to an active directory. It has accounts and group
> entitlements. We are able to set accounts to users (and the group to a
> role).
> We can assign such entitlement to a user by adding a role with specific
> second order inducement. So far, so good.

> Now we set the value in the config object to "none": "
> globalAccountSynchronizationSettings/ assignmentPolicyEnforcement"

> If we now remove the role for the user again, the accounts (projections) stay
> - as expected. But what gets lost is the entitlement !

> The user is not in a group anymore. So what is the problem:

> Does not apply your concept of what is and should be to entitlements?

> Is there a place in shadows or similar where the (real what is) state is
> saved within midpoint towards account entitlements (group memberships)?

> Best regards and thx in advance,

> Daniel

> Daniel Sommer
> Office: +49 228 908733 0 | Fax: +49 228 908733 1 | Mobil: +49 176 162086 79

> ITConcepts Professional GmbH - In den Dauen 6 - DE 53117 Bonn

> Website www.itconcepts.net

> Besuchen Sie uns auch auf

> Events mit ITConcepts .
> 29. Juni: IT Security Management & Technology Conference 2017 in Hanau. Mehr
> Infos hier:
> 13. Juli: IT Security Management & Technology Conference 2017 in Hamburg.
> Mehr Infos hier:

> ITConcepts Professional GmbH Gf.: Sven Moog, Sitz Bonn, AG Bonn HRB 12947 -
> Ust-Id Nr: DE211482933
> ITConcepts Automotive GmbH Gf.: Sven Moog, Sitz Wolfsburg, AG Braunschweig
> HRB 204188 - Ust-Id Nr: DE223888748
> ITConcepts Operations GmbH Gf.: Sven Moog, Sitz Bonn, AG Bonn HRB 15454 -
> St.-Nr: 205/5726/0602

> Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte
> Informationen. Wenn Sie nicht der richtige Adressat sind
> oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den
> Absender und vernichten Sie diese Mail.
> Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail sind
> nicht gestattet.

> This e-mail may contain confidential and/or privileged information. If you
> are not the intended recipient
> (or have received this e-mail in error) please notify the sender immediately
> and destroy this e-mail.
> Any unauthorised copying, disclosure or distribution of the material in this
> e-mail is strictly forbidden.
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris 
Senior Identity Engineer 
evolveum.com 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170627/3f9fb626/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ITConcepts.gif
Type: image/gif
Size: 2977 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170627/3f9fb626/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: COGNITUM.gif
Type: image/gif
Size: 501 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170627/3f9fb626/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xing20.gif
Type: image/gif
Size: 1009 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170627/3f9fb626/attachment-0002.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linkedin20.gif
Type: image/gif
Size: 1026 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170627/3f9fb626/attachment-0003.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Facebook_Signatur.gif
Type: image/gif
Size: 587 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170627/3f9fb626/attachment-0004.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Twitter_Signatur.gif
Type: image/gif
Size: 585 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170627/3f9fb626/attachment-0005.gif>

More information about the midPoint mailing list