[midPoint] RB-RBAC assignments not removed if partial_error
Jason Everling
jeverling at bshp.edu
Wed Apr 3 18:55:22 CEST 2019
I have quite a few auto roles using like the below and during a sync there
were partial_errors on certain accounts and so after checking why and
fixing I noticed the roles were not removed (conditions are no longer true)
when they normally are removed. The only thing that is different I guess is
that these accounts had a partial_error result. Any ideas? If it is because
of the partial_error, How can that be prevented and still process
assignments? I also noticed that the email notifications did not go out
either.
<mapping>
<name>Assign Security Group</name>
<authoritative>true</authoritative>
<strength>strong</strength>
<source>
<path>extension/bshp:entitlement</path>
</source>
<expression>
<assignmentTargetSearch>
<targetType>c:RoleType</targetType>
<filter>
<equal>
<path>c:identifier</path>
<value>SEC-THE_GROUP</value>
</equal>
</filter>
</assignmentTargetSearch>
</expression>
<target>
<path>assignment</path>
</target>
<condition>
<script>
<code>entitlement == 'condition1' || entitlement ==
'condition2'</code>
</script>
</condition>
</mapping>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190403/5d462ef8/attachment.htm>
More information about the midPoint
mailing list