[midPoint] PoilcyRules prune with filter

Sylvaire kevin TIPA sylvaire-kevin.tipa at mythalesgroup.io
Wed May 16 07:54:48 CEST 2018 

I forgot to say that I'm in 3.6, and I just see that a JIRA is openning on it ...

https://jira.evolveum.com/browse/MID-3966


Sorry for the spam



Cordialement.


Sylvaire-Kevin TIPA
Thales Services / OIC INFRAS
Devops Infrastructure Automation

        [cid:8c8ea8c6-5bf3-4a2f-b145-7ec06507a5e5]





THALES SERVICES SAS
44 Quai Charles de Gaulle
CS 20100
69463 Lyon Cedex 06



--------------------------------------------------
www.thalesgroup.com<http://www.thalesgroup.com>

________________________________
De : midPoint <midpoint-bounces at lists.evolveum.com> de la part de Sylvaire kevin TIPA <sylvaire-kevin.tipa at mythalesgroup.io>
Envoyé : mercredi 16 mai 2018 00:11:26
À : midpoint at lists.evolveum.com
Objet : [midPoint] PoilcyRules prune with filter


Hello,


I have something strange in my SoD metarole. I use a policyRules with prune action, when I set the target ref static (with oid) it work. But when I set it with filter, it do nothing .. some idea ?


WORK :

<inducement >
         <policyRule>
            <name>Segregation for Guestt</name>
            <policyConstraints>
               <exclusion>
                  <targetRef oid="e7eb6293-79a9-4be7-b417-21dee480c871" relation="org:default" type="c:RoleType"/>
               </exclusion>
            </policyConstraints>
            <policyActions>
               <prune/>
            </policyActions>
         </policyRule>
      </inducement>
      <inducement>
         <policyRule>
            <name>Segregation for Reporterr</name>
            <policyConstraints>
               <exclusion>
                  <targetRef oid="1f756f93-1f46-4d66-b3df-c2f33634807b" relation="org:default" type="c:RoleType"/>
               </exclusion>
            </policyConstraints>
            <policyActions>
               <prune/>
            </policyActions>
         </policyRule>
      </inducement>



HS :

<inducement id="1">
        <policyRule>
            <name>Segregation for Guest</name>
            <policyConstraints>
                <exclusion>
                    <targetRef relation="org:default" type="c:RoleType">
                        <filter>
                            <q:inOid>
                                <expression>
                                    <script>
                                        <code>
                                            return "e7eb6293-79a9-4be7-b417-21dee480c871"
                                </code>
                                    </script>
                                </expression>
                            </q:inOid>
                        </filter>
                        <resolutionTime>run</resolutionTime>
                    </targetRef>
                </exclusion>
            </policyConstraints>
            <policyActions>
                <prune />
            </policyActions>
        </policyRule>
    </inducement>
    <inducement id="2">
        <policyRule>
            <name>Segregation for Reporter</name>
            <policyConstraints>
                <exclusion>
                    <targetRef relation="org:default" type="c:RoleType">
                        <filter>
                            <q:inOid>
                                <expression>
                                    <script>
                                        <code>
                                        return "1f756f93-1f46-4d66-b3df-c2f33634807b"
                                </code>
                                    </script>
                                </expression>
                            </q:inOid>
                        </filter>
                            <resolutionTime>run</resolutionTime>
                    </targetRef>
                </exclusion>
            </policyConstraints>
            <policyActions>
                <prune />
            </policyActions>
        </policyRule>
    </inducement>




Cordialement.


Sylvaire-Kevin TIPA
Thales Services / OIC INFRAS
Devops Infrastructure Automation

        [cid:f25912dd-9b63-464f-a53e-eedc69af73e7]





THALES SERVICES SAS
44 Quai Charles de Gaulle
CS 20100
69463 Lyon Cedex 06



--------------------------------------------------
www.thalesgroup.com<http://www.thalesgroup.com>

This message contains confidential information and is intended only for the individual(s) addressed in the message. If you are not the named addressee, you should not disseminate, distribute, or copy this e-mail. If you are not the intended recipient, you are notified that disclosing, distributing, or copying this e-mail is strictly prohibited.

This message contains confidential information and is intended only for the individual(s) addressed in the message. If you are not the named addressee, you should not disseminate, distribute, or copy this e-mail. If you are not the intended recipient, you are notified that disclosing, distributing, or copying this e-mail is strictly prohibited.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180516/01b5035b/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-huov1ps1.png
Type: image/png
Size: 6112 bytes
Desc: Outlook-huov1ps1.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180516/01b5035b/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-op3lod2a.png
Type: image/png
Size: 6112 bytes
Desc: Outlook-op3lod2a.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180516/01b5035b/attachment-0001.png>

More information about the midPoint mailing list