[midPoint] Unlinking accounts when user is deleted / unassigned?

Ivan Noris ivan.noris at evolveum.com
Thu Aug 9 10:54:53 CEST 2018


Hi,

just to inform you that we are already tracking:

https://jira.evolveum.com/browse/MID-2142 (Capabilities per objectType
(e.g. Delete capability only for some intents)

and

https://jira.evolveum.com/browse/MID-2144 (Configured capabilities - add
a way to ignore instead of "Operation not supported" error)

There are marked as "subscription needed", so you may want to use a
subscription to prioritize them.

Related to unlinking: I'm not aware of any way, but even if there was a
way how to unlink an account (probably it's possible using bulk tasks),
the account would be linked back if any synchronization would run for
that resource and unlinked->link reaction would be specified. This is
because unlink = dropping linkRef reference from user object to shadow,
but the shadow would still remain in the repository. Even if the shadow
would not remain, it would be recreated upon next reconciliation with
the system, as the account still exists.

So the best option would be avoid deletion of the accounts by using
configured capabilities, but as you correctly stated, the current
behaviour would apply for all objects on the resource (accounts, groups
etc.). That's why we are tracking the features in our JIRA.

Best regards,

Ivan


On 08.08.2018 21:57, Alcides Carlos de Moraes Neto wrote:
> Hello list,
>
> Quick question: Is it possible to not delete, but unlink accounts when
> a user is deleted and/or unassigned from the account?
>
> Right now I'm able to disable instead of delete, but the account
> remains linked to the user.
> I would like to either delete the user without deleting the account,
> or unlink the user from the account automatically.
>
> I have simulated this by removing the "delete" capability from the
> resource, but this is not viable, as I need to be able to delete
> groups, but not users.
>
> Thanks!
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
Ivan Noris
Senior Identity Engineer
evolveum.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180809/dbdf74bc/attachment.htm>


More information about the midPoint mailing list