[midPoint] - Issue in ScriptedSQL connector

Rodrigo Yanis ryanis at identicum.com
Sat Oct 29 01:49:40 CEST 2016 

Hello everyone,

We're facing an issue in an ScriptedSQL connector where, when we modify a
users' attribute, and this user is member to a role with a direct
inducement to an entitlement, the resource perfoms the update of said
attribute, and then executes an ADD_ATTRIBUTE_VALUES operation in the
UpdateScript.groovy of this connector.

This ADD_ATTRIBUTE_VALUES operation is unrelated to the former operation
that triggered this event (modify attribute), and is linked to the role
that has the inducement to the entitlement. This is not something we want,
as this triggers custom logic that is completely undrelated to an attribute
modification.

In a different situation, if we try adding a role linked to a meta-role
(with inducements to entitlements) to the user, this described before does
not happen (the user attribute is modified and no other operation is
triggered).

This is the XML of the role with the entitlement:

<name>Role with direct inducement to the application</name>
   <metadata>
      <createTimestamp>2016-10-28T11:07:41.393-03:00</createTimestamp>
      <creatorRef oid="00000000-0000-0000-0000-000000000002"
type="c:UserType"><!-- administrator --></creatorRef>
      <createChannel>
http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport
</createChannel>
   </metadata>
   <inducement id="1">
      <construction>
         <resourceRef type="c:ResourceType">
            <filter>
               <q:equal>
                  <q:path>c:name</q:path>
                  <q:value>SCRIPTEDSQL_1</q:value>
               </q:equal>
            </filter>
         </resourceRef>
         <kind>account</kind>
         <association>
            <c:ref>ri:GroupObjectClass</c:ref>
            <outbound>
               <strength>strong</strength>
               <expression>
                  <associationTargetSearch>
                     <filter>
                        <q:equal>
                           <q:path>attributes/icfs:name</q:path>
                           <q:value>TEST_BU_CLASS1</q:value>
                        </q:equal>
                     </filter>
                     <searchStrategy>onResourceIfNeeded</searchStrategy>
                  </associationTargetSearch>
               </expression>
            </outbound>
         </association>
      </construction>
   </inducement>
</role>

Do you have any clues on why this might be happening and how to avoid this
ADD_ATTRIBUTE_VALUES operation?

Thanks in advance,

*Rodrigo Yanis.*
Identicum S.A.
Jorge Newbery 3226
Tel: +54 (11) 4824-9971
ryanis at identicum.com
www.identicum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161028/5219e9af/attachment.htm>

More information about the midPoint mailing list