[midPoint] hasNoAssignment policy constraint
Pavol Mederly
mederly at evolveum.com
Wed Oct 12 12:34:01 CEST 2022
Hello, Stéphane,
just a few general comments:
1. I would search the midPoint sources for <hasNoAssignment> string. We
try to do the development seriously, so every feature should have
(at least) one test for it. This one is no exception.
2. I would search the docs.evolveum.com for "hasNoAssignment". Here the
situation is a bit worse. The feature is not quite finished - it was
sponsored to some extent; but additional resources are needed to
document it properly. However, this work-in-progress document could
help:
https://docs.evolveum.com/midpoint/devel/design/policy-constraints/.
(The formatting problems are due to wiki migration.)
3. As for debugging, policy constraints do not have "<tracing>" flag
nor the comprehensive troubleshooting methodology (as mappings do).
So I use the (experimental) troubleshooting with traces
<https://docs.evolveum.com/midpoint/reference/diag/troubleshooting/troubleshooting-with-traces/>
to diagnose issues with them.
4. Personally, I would be greatly interested in how many installations
do use policy rules, and this one in particular.
--
Pavol Mederly
Software developer
evolveum.com
On 10/10/2022 12:54, Delcourt Stéphane via midPoint wrote:
>
> Hi all,
>
> Does someone know how to deal with this policy constraint ?
>
> My idea is to use it for role dependency as intended
> https://jira.evolveum.com/browse/MID-4068
>
> So I want to add policy constraint in role B to block user receiving
> it if not assigned of role A
>
> Here’s the code sample I’m using in role B:
>
> <assignment>
>
> <policyRule>
>
> <name>exclude-if-no-role-a</name>
>
> <policyConstraints>
>
> <hasNoAssignment>
>
> <targetRef oid="role_a_oid" type="RoleType"/>
>
> </hasNoAssignment>
>
> </policyConstraints>
>
> <policyActions>
>
> <enforcement/>
>
> </policyActions>
>
> </policyRule>
>
> </assignment>
>
> But this does not trigger any error when I try to assign role B to a
> user not having role A.
>
> What am I missing here ?
>
> I don’t even know how to debug this.
>
> Thanks for your help
>
> *Stéphane Delcourt*
> Informaticien – Gestionnaire système - Développeur
> www.ulb.be <http://www.ulb.ac.be/>
> *Département informatique, Service Applications métier*
> Av. F. Roosevelt 50, CP 251 - 1050 Bruxelles
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20221012/0748e268/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 15369 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20221012/0748e268/attachment-0001.jpg>
More information about the midPoint
mailing list