[midPoint] Removing inducement does not remove roleMembershipRef?

Pavol Mederly mederly at evolveum.com
Fri Sep 14 00:08:40 CEST 2018 

Hmmm... My first impression is to have a look at "tolerant" flag for the 
association (setting it to "false").

Pavol Mederly
Software developer
evolveum.com

On 13.09.2018 23:58, Alcides Carlos de Moraes Neto wrote:
> Thank you Pavol.
>
> After more tests, recomputing did remove the roleMembershipRef.
>
> However, both roles have a metarole that creates an AD group 
> projection, and assign members using associationFromLink, very simple 
> stuff.
> Removing the inducement and recomputing the users did remove the 
> roleMembershipRef but did not remove the AD association.
> Unassigning role1 with the inducement intact worked correctly and 
> removed role2 AD group association from user AD projection.
> Removing the inducement did not remove user from role2 AD group 
> association, and unassigning from role1 only removes role1 AD group.
>
>
> Em qui, 13 de set de 2018 às 16:22, Pavol Mederly 
> <mederly at evolveum.com <mailto:mederly at evolveum.com>> escreveu:
>
>     Hello,
>
>     normally I would say this is a bug. Recomputation of users should
>     definitely remove role2 from users' roleMembershipRef items.
>
>     However, this particular functionality is quite well covered by
>     tests. So it might be some misconfiguration on your side.
>
>     You can try to troubleshoot
>     <https://wiki.evolveum.com/display/midPoint/Usual+Troubleshooting+Steps>
>     the situation yourself or post more details here. Maybe someone
>     from the community would be able to help you.
>
>     Best regards,
>
>     Pavol Mederly
>     Software developer
>     evolveum.com <http://evolveum.com>
>
>     On 13.09.2018 20:08, Alcides Carlos de Moraes Neto wrote:
>>     Hello list,
>>
>>     We had a role1 that induced role2.
>>     Removing the inducement did not remove membership of role2 from
>>     users of role1.
>>     Recomputing either role1, role2 or the users didn't make a
>>     difference.
>>     Opening role2 with the GUI, the indirect members are shown if you
>>     check the 'indirect members' option.
>>     Opening the users with the GUI will not show the assignment, even
>>     in the Show All Assignments dialog.
>>     In the XML of the users we can see the roleMembershipRef pointing
>>     to role2.
>>     Unassigning role1 from the users, after removing the inducement,
>>     did not remove role2 roleMembershipRef.
>>
>>     Is this by design, or a bug?
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20180914/4ea9342a/attachment.htm>

More information about the midPoint mailing list