[midPoint] PoilcyRules prune with filter
Sylvaire kevin TIPA
sylvaire-kevin.tipa at mythalesgroup.io
Wed May 16 00:11:26 CEST 2018
Hello,
I have something strange in my SoD metarole. I use a policyRules with prune action, when I set the target ref static (with oid) it work. But when I set it with filter, it do nothing .. some idea ?
WORK :
<inducement >
<policyRule>
<name>Segregation for Guestt</name>
<policyConstraints>
<exclusion>
<targetRef oid="e7eb6293-79a9-4be7-b417-21dee480c871" relation="org:default" type="c:RoleType"/>
</exclusion>
</policyConstraints>
<policyActions>
<prune/>
</policyActions>
</policyRule>
</inducement>
<inducement>
<policyRule>
<name>Segregation for Reporterr</name>
<policyConstraints>
<exclusion>
<targetRef oid="1f756f93-1f46-4d66-b3df-c2f33634807b" relation="org:default" type="c:RoleType"/>
</exclusion>
</policyConstraints>
<policyActions>
<prune/>
</policyActions>
</policyRule>
</inducement>
HS :
<inducement id="1">
<policyRule>
<name>Segregation for Guest</name>
<policyConstraints>
<exclusion>
<targetRef relation="org:default" type="c:RoleType">
<filter>
<q:inOid>
<expression>
<script>
<code>
return "e7eb6293-79a9-4be7-b417-21dee480c871"
</code>
</script>
</expression>
</q:inOid>
</filter>
<resolutionTime>run</resolutionTime>
</targetRef>
</exclusion>
</policyConstraints>
<policyActions>
<prune />
</policyActions>
</policyRule>
</inducement>
<inducement id="2">
<policyRule>
<name>Segregation for Reporter</name>
<policyConstraints>
<exclusion>
<targetRef relation="org:default" type="c:RoleType">
<filter>
<q:inOid>
<expression>
<script>
<code>
return "1f756f93-1f46-4d66-b3df-c2f33634807b"
</code>
</script>
</expression>
</q:inOid>
</filter>
<resolutionTime>run</resolutionTime>
</targetRef>
</exclusion>
</policyConstraints>
<policyActions>
<prune />
</policyActions>
</policyRule>
</inducement>
Cordialement.
Sylvaire-Kevin TIPA
Thales Services / OIC INFRAS
Devops Infrastructure Automation
[cid:f25912dd-9b63-464f-a53e-eedc69af73e7]
THALES SERVICES SAS
44 Quai Charles de Gaulle
CS 20100
69463 Lyon Cedex 06
--------------------------------------------------
www.thalesgroup.com<http://www.thalesgroup.com>
This message contains confidential information and is intended only for the individual(s) addressed in the message. If you are not the named addressee, you should not disseminate, distribute, or copy this e-mail. If you are not the intended recipient, you are notified that disclosing, distributing, or copying this e-mail is strictly prohibited.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180515/78102086/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-huov1ps1.png
Type: image/png
Size: 6112 bytes
Desc: Outlook-huov1ps1.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180515/78102086/attachment.png>
More information about the midPoint
mailing list