[midPoint] PoilcyRules prune with filter
Pavol Mederly
mederly at evolveum.com
Wed May 16 10:09:17 CEST 2018
Hello,
this is not a spam :) Actually, the JIRA you mentioned is not quite
related to your problem.
Having looked at the source code now I see the problem is that although
filters are supported in exclusion constraints, expressions in these
filters are not. What is missing is the resolution of expressions
somewhere at ExclusionConstraintEvaluator.java:185 (in current master).
I have created a new JIRA for that:
https://jira.evolveum.com/browse/MID-4663.
Best regards,
Pavol Mederly
Software developer
evolveum.com
On 16.05.2018 7:54, Sylvaire kevin TIPA wrote:
>
> I forgot to say that I'm in 3.6, and I just see that a JIRA is
> openning on it ...
>
> https://jira.evolveum.com/browse/MID-3966
>
>
> Sorry for the spam
>
>
>
> Cordialement.
>
>
> *Sylvaire-Kevin TIPA*
> /Thales Services / OIC INFRAS
> //Devops Infrastructure Automation/
>
>
>
>
>
> THALES SERVICES SAS
> 44 Quai Charles de Gaulle
> CS 20100
> 69463 Lyon Cedex 06
>
>
>
> --------------------------------------------------
> www.thalesgroup.com <http://www.thalesgroup.com>
> ------------------------------------------------------------------------
> *De :* midPoint <midpoint-bounces at lists.evolveum.com> de la part de
> Sylvaire kevin TIPA <sylvaire-kevin.tipa at mythalesgroup.io>
> *Envoyé :* mercredi 16 mai 2018 00:11:26
> *À :* midpoint at lists.evolveum.com
> *Objet :* [midPoint] PoilcyRules prune with filter
>
> Hello,
>
>
> I have something strange in my SoD metarole. I use a policyRules with
> prune action, when I set the target ref static (with oid) it work. But
> when I set it with filter, it do nothing .. some idea ?
>
>
> WORK :
>
> <inducement >
> <policyRule>
> <name>Segregation for Guestt</name>
> <policyConstraints>
> <exclusion>
> * <targetRef
> oid="e7eb6293-79a9-4be7-b417-21dee480c871" relation="org:default"
> type="c:RoleType"/>*
> </exclusion>
> </policyConstraints>
> <policyActions>
> <prune/>
> </policyActions>
> </policyRule>
> </inducement>
> <inducement>
> <policyRule>
> <name>Segregation for Reporterr</name>
> <policyConstraints>
> <exclusion>
> * <targetRef
> oid="1f756f93-1f46-4d66-b3df-c2f33634807b" relation="org:default"
> type="c:RoleType"/>*
> </exclusion>
> </policyConstraints>
> <policyActions>
> <prune/>
> </policyActions>
> </policyRule>
> </inducement>
>
>
>
> HS :
>
> <inducement id="1">
> <policyRule>
> <name>Segregation for Guest</name>
> <policyConstraints>
> <exclusion>
> <targetRef relation="org:default" type="c:RoleType">
> <filter>
> <q:inOid>
> <expression>
> <script>
> <code>
> * return
> "e7eb6293-79a9-4be7-b417-21dee480c871"*
> </code>
> </script>
> </expression>
> </q:inOid>
> </filter>
> <resolutionTime>run</resolutionTime>
> </targetRef>
> </exclusion>
> </policyConstraints>
> <policyActions>
> <prune />
> </policyActions>
> </policyRule>
> </inducement>
> <inducement id="2">
> <policyRule>
> <name>Segregation for Reporter</name>
> <policyConstraints>
> <exclusion>
> <targetRef relation="org:default" type="c:RoleType">
> <filter>
> <q:inOid>
> <expression>
> <script>
> <code>
> * return
> "1f756f93-1f46-4d66-b3df-c2f33634807b"*
> </code>
> </script>
> </expression>
> </q:inOid>
> </filter>
> <resolutionTime>run</resolutionTime>
> </targetRef>
> </exclusion>
> </policyConstraints>
> <policyActions>
> <prune />
> </policyActions>
> </policyRule>
> </inducement>
>
>
>
> Cordialement.
>
>
> *Sylvaire-Kevin TIPA*
> /Thales Services / OIC INFRAS
> //Devops Infrastructure Automation/
>
>
>
>
>
> THALES SERVICES SAS
> 44 Quai Charles de Gaulle
> CS 20100
> 69463 Lyon Cedex 06
>
>
>
> --------------------------------------------------
> www.thalesgroup.com <http://www.thalesgroup.com>
>
> This message contains confidential information and is intended only
> for the individual(s) addressed in the message. If you are not the
> named addressee, you should not disseminate, distribute, or copy this
> e-mail. If you are not the intended recipient, you are notified that
> disclosing, distributing, or copying this e-mail is strictly prohibited.
>
> This message contains confidential information and is intended only
> for the individual(s) addressed in the message. If you are not the
> named addressee, you should not disseminate, distribute, or copy this
> e-mail. If you are not the intended recipient, you are notified that
> disclosing, distributing, or copying this e-mail is strictly prohibited.
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180516/f15f103e/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-op3lod2a.png
Type: image/png
Size: 6112 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180516/f15f103e/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-huov1ps1.png
Type: image/png
Size: 6112 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180516/f15f103e/attachment-0001.png>
More information about the midPoint
mailing list