[midPoint] PoilcyRules prune with filter
Pavol Mederly
mederly at evolveum.com
Wed May 16 10:47:17 CEST 2018
Thanks. :)
It it so for all expressions in all filter types in exclusion constraint.
Pavol Mederly
Software developer
evolveum.com
On 16.05.2018 10:41, Sylvaire kevin TIPA wrote:
>
> Oh ! So good to help you :D
>
>
> Just for be sure, it's all expression in filter (in Exclusion
> Constraint) or just some filter type like inOID ?
>
>
>
>
>
> Cordialement.
>
>
> *Sylvaire-Kevin TIPA*
> /Thales Services / OIC INFRAS
> //Devops Infrastructure Automation/
>
>
>
>
>
> THALES SERVICES SAS
> 44 Quai Charles de Gaulle
> CS 20100
> 69463 Lyon Cedex 06
>
>
>
> --------------------------------------------------
> www.thalesgroup.com <http://www.thalesgroup.com>
> ------------------------------------------------------------------------
> *De :* midPoint <midpoint-bounces at lists.evolveum.com> de la part de
> Pavol Mederly <mederly at evolveum.com>
> *Envoyé :* mercredi 16 mai 2018 10:09:17
> *À :* midpoint at lists.evolveum.com
> *Objet :* Re: [midPoint] PoilcyRules prune with filter
>
> Hello,
>
>
> this is not a spam :) Actually, the JIRA you mentioned is not quite
> related to your problem.
>
>
> Having looked at the source code now I see the problem is that
> although filters are supported in exclusion constraints, expressions
> in these filters are not. What is missing is the resolution of
> expressions somewhere at ExclusionConstraintEvaluator.java:185 (in
> current master).
>
>
> I have created a new JIRA for that:
> https://jira.evolveum.com/browse/MID-4663
> <https://jira.evolveum.com/browse/MID-4663>.
>
>
> Best regards,
>
> Pavol Mederly
> Software developer
> evolveum.com
> On 16.05.2018 7:54, Sylvaire kevin TIPA wrote:
>>
>> I forgot to say that I'm in 3.6, and I just see that a JIRA is
>> openning on it ...
>>
>> https://jira.evolveum.com/browse/MID-3966
>>
>>
>> Sorry for the spam
>>
>>
>>
>> Cordialement.
>>
>>
>> *Sylvaire-Kevin TIPA*
>> /Thales Services / OIC INFRAS
>> //Devops Infrastructure Automation/
>>
>>
>>
>>
>>
>> THALES SERVICES SAS
>> 44 Quai Charles de Gaulle
>> CS 20100
>> 69463 Lyon Cedex 06
>>
>>
>>
>> --------------------------------------------------
>> www.thalesgroup.com <http://www.thalesgroup.com>
>> ------------------------------------------------------------------------
>> *De :* midPoint <midpoint-bounces at lists.evolveum.com>
>> <mailto:midpoint-bounces at lists.evolveum.com> de la part de Sylvaire
>> kevin TIPA <sylvaire-kevin.tipa at mythalesgroup.io>
>> <mailto:sylvaire-kevin.tipa at mythalesgroup.io>
>> *Envoyé :* mercredi 16 mai 2018 00:11:26
>> *À :* midpoint at lists.evolveum.com <mailto:midpoint at lists.evolveum.com>
>> *Objet :* [midPoint] PoilcyRules prune with filter
>>
>> Hello,
>>
>>
>> I have something strange in my SoD metarole. I use a policyRules with
>> prune action, when I set the target ref static (with oid) it work.
>> But when I set it with filter, it do nothing .. some idea ?
>>
>>
>> WORK :
>>
>> <inducement >
>> <policyRule>
>> <name>Segregation for Guestt</name>
>> <policyConstraints>
>> <exclusion>
>> * <targetRef
>> oid="e7eb6293-79a9-4be7-b417-21dee480c871" relation="org:default"
>> type="c:RoleType"/>*
>> </exclusion>
>> </policyConstraints>
>> <policyActions>
>> <prune/>
>> </policyActions>
>> </policyRule>
>> </inducement>
>> <inducement>
>> <policyRule>
>> <name>Segregation for Reporterr</name>
>> <policyConstraints>
>> <exclusion>
>> * <targetRef
>> oid="1f756f93-1f46-4d66-b3df-c2f33634807b" relation="org:default"
>> type="c:RoleType"/>*
>> </exclusion>
>> </policyConstraints>
>> <policyActions>
>> <prune/>
>> </policyActions>
>> </policyRule>
>> </inducement>
>>
>>
>>
>> HS :
>>
>> <inducement id="1">
>> <policyRule>
>> <name>Segregation for Guest</name>
>> <policyConstraints>
>> <exclusion>
>> <targetRef relation="org:default" type="c:RoleType">
>> <filter>
>> <q:inOid>
>> <expression>
>> <script>
>> <code>
>> * return
>> "e7eb6293-79a9-4be7-b417-21dee480c871"*
>> </code>
>> </script>
>> </expression>
>> </q:inOid>
>> </filter>
>> <resolutionTime>run</resolutionTime>
>> </targetRef>
>> </exclusion>
>> </policyConstraints>
>> <policyActions>
>> <prune />
>> </policyActions>
>> </policyRule>
>> </inducement>
>> <inducement id="2">
>> <policyRule>
>> <name>Segregation for Reporter</name>
>> <policyConstraints>
>> <exclusion>
>> <targetRef relation="org:default" type="c:RoleType">
>> <filter>
>> <q:inOid>
>> <expression>
>> <script>
>> <code>
>> * return
>> "1f756f93-1f46-4d66-b3df-c2f33634807b"*
>> </code>
>> </script>
>> </expression>
>> </q:inOid>
>> </filter>
>> <resolutionTime>run</resolutionTime>
>> </targetRef>
>> </exclusion>
>> </policyConstraints>
>> <policyActions>
>> <prune />
>> </policyActions>
>> </policyRule>
>> </inducement>
>>
>>
>>
>> Cordialement.
>>
>>
>> *Sylvaire-Kevin TIPA*
>> /Thales Services / OIC INFRAS
>> //Devops Infrastructure Automation/
>>
>>
>>
>>
>>
>> THALES SERVICES SAS
>> 44 Quai Charles de Gaulle
>> CS 20100
>> 69463 Lyon Cedex 06
>>
>>
>>
>> --------------------------------------------------
>> www.thalesgroup.com <http://www.thalesgroup.com>
>>
>> This message contains confidential information and is intended only
>> for the individual(s) addressed in the message. If you are not the
>> named addressee, you should not disseminate, distribute, or copy this
>> e-mail. If you are not the intended recipient, you are notified that
>> disclosing, distributing, or copying this e-mail is strictly prohibited.
>>
>> This message contains confidential information and is intended only
>> for the individual(s) addressed in the message. If you are not the
>> named addressee, you should not disseminate, distribute, or copy this
>> e-mail. If you are not the intended recipient, you are notified that
>> disclosing, distributing, or copying this e-mail is strictly prohibited.
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>
> This message contains confidential information and is intended only
> for the individual(s) addressed in the message. If you are not the
> named addressee, you should not disseminate, distribute, or copy this
> e-mail. If you are not the intended recipient, you are notified that
> disclosing, distributing, or copying this e-mail is strictly prohibited.
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180516/8f59372f/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-xl3rok35.png
Type: image/png
Size: 6112 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180516/8f59372f/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-op3lod2a.png
Type: image/png
Size: 6112 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180516/8f59372f/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-huov1ps1.png
Type: image/png
Size: 6112 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180516/8f59372f/attachment-0002.png>
More information about the midPoint
mailing list