[midPoint] XML Rest cannot delete a disabled role assignment
Pavol Mederly
mederly at evolveum.com
Thu May 23 21:48:34 CEST 2019
Hello,
if you do not specify value ID, midPoint deletes values by matching
their content.
I.e. if your assignment value is - e.g.
<assignment id="123">
<description>here we are</description>
<targetRef oid="role0000-0000-0000-0000-000000000015"type="RoleType"/>
</assignment>
and you request to delete the value of:
<assignment>
<description>here we are NOT</description>
<targetRef oid="role0000-0000-0000-0000-000000000015"type="RoleType"/>
</assignment>
or
<assignment>
<targetRef oid="role0000-0000-0000-0000-000000000015"type="RoleType"/>
</assignment>
then, obviously, these do not match the existing value and so it's not
deleted.
If you want to delete a specific assignment, either you should provide
all of its content (except for operational data - e.g. metadata - these
are ignored when comparing), or you have to provide the value ID. For
example:
<objectModification
xmlns='http://midpoint.evolveum.com/xml/ns/public/common/api-types-3'
xmlns:c='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3">
<t:itemDelta>
<t:modificationType>delete</t:modificationType>
<t:path>assignment</t:path>
<t:value id="123"></t:value>
</t:itemDelta>
</objectModification>
Best regards,
Pavol Mederly
Software developer
evolveum.com
On 22.05.2019 16:09, Chris Leung Yau Wai wrote:
> Dear all,
>
> I am using midpoint 3.9. I have a issue
>
> 1. A user with a role assignment
> 2. Disable the role assignment (set the administrative status as
> disabled of the role assignment)
> 3. The role assignemnt cannot be remove thru XML REST but midpoint
> report OK status e.g, the xml below:
>
> <objectModification
>
> xmlns='http://midpoint.evolveum.com/xml/ns/public/common/api-types-3'
>
> xmlns:c='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
>
> xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3">
>
> <itemDelta>
>
> <t:modificationType>delete</t:modificationType>
>
> <t:path>c:assignment</t:path>
>
> <t:value>
>
> <c:targetRef oid="role0000-0000-0000-0000-000000000015"
> type="c:RoleType" />
>
> </t:value>
>
> </itemDelta>
>
> </objectModification>
> 4. However, the assignment can be removed thru the admin GUI
>
>
> Actually, I found that if there are any value defined in the
> administrative status of the assignment, then the role cannot be
> unassign (delete) thru the XML API. Am I missing something?
>
>
> Thanks
>
>
> Chris
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190523/81ebd7ae/attachment.htm>
More information about the midPoint
mailing list