[midPoint] Enforce full on entitlement / groups membership
Wojciech Staszewski
wojciech.staszewski at diagnostyka.pl
Wed Dec 20 19:45:10 CET 2017
Hello!
If I understand this example:
https://wiki.evolveum.com/display/midPoint/Projection+Policy
the enforcement policy should be outside "schemaHandling" as a separate
section:
<projection>
<assignmentPolicyEnforcement>full</assignmentPolicyEnforcement>
</projection>
I have it configured this way and it works - it removes not assigned
entitlements.
Good luck!
WS
W dniu 20.12.2017 o 18:52, Alcides Carlos de Moraes Neto pisze:
> Hello list,
>
> I have a working Org. Unit -> AD group mapping, with an
> AssociationFromLink inducement for members.
>
> However, I would like Midpoint to also remove members of the AD group
> that are added manually, that don't match members of the Org. Unit.
> I tried using
> <assignmentPolicyEnforcement>full</assignmentPolicyEnforcement>
> inside the Schema Handling for the entitlement, but it didn't work.
>
> Any leads?
> Thanks in advance.
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171220/579d5e96/attachment.htm>
More information about the midPoint
mailing list