[midPoint] hasNoAssignment policy constraint

[Delcourt Stéphane]

Hi all,

Does someone know how to deal with this policy constraint ?
My idea is to use it for role dependency as intended https://jira.evolveum.com/browse/MID-4068
So I want to add policy constraint in role B to block user receiving it if not assigned of role A
Here's the code sample I'm using in role B:
    <assignment>
        <policyRule>
            <name>exclude-if-no-role-a</name>
            <policyConstraints>
                <hasNoAssignment>
                    <targetRef oid="role_a_oid" type="RoleType"/>
                </hasNoAssignment>
            </policyConstraints>
            <policyActions>
                <enforcement/>
            </policyActions>
        </policyRule>
    </assignment>

But this does not trigger any error when I try to assign role B to a user not having role A.

What am I missing here ?
I don't even know how to debug this.

Thanks for your help
Stéphane Delcourt
Informaticien - Gestionnaire système - Développeur
[www.ulb.be]<http://www.ulb.ac.be/>
Département informatique, Service Applications métier
Av. F. Roosevelt 50, CP 251 - 1050 Bruxelles

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20221010/182c3ace/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 15369 bytes
Desc: image001.jpg
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20221010/182c3ace/attachment-0001.jpg>