[midPoint] How to makes maxAssignees working?
Yakov Revyakin
yrevyakin at gmail.com
Mon Jul 22 10:48:47 CEST 2024
Does anyone have any ideas, why a global rule with "maxAssignees" doesn't
work?
Also, another question. I have a role which has "maxAssignees" policy rule
assigned. I'd like to induce this role (order=2) using a meta role.
I can see that this way bypasses the policy rule and I can assign any
number of roles which have the meta role assigned.
If I assign the role with "maxAssignees" rule directly the rule triggers
enforcement properly.
So, the question is, does indirect assignment bypass policy rules?
Thanks in advance,
Yakov
On Thu, 18 Jul 2024 at 20:19, Yakov Revyakin <yrevyakin at gmail.com> wrote:
> Hi all,
> I can see that not any policy constraints trigger an action. In the
> following rule "modification" constraints works properly, but
> "maxAssignees" doesn't - I can make a member more then 1 user. Where am I
> wrong?
>
> <globalPolicyRule>
> <name>test0123</name>
> <policyConstraints>
> <maxAssignees>
> <multiplicity>1</multiplicity>
> </maxAssignees>
> <!--
> <modification>
> <operation>modify</operation>
> </modification>
> -->
> </policyConstraints>
> <policyActions>
> <enforcement/>
> </policyActions>
> <focusSelector>
> <type>RoleType</type>
> <filter>
> <q:text>name = "Security Officer"</q:text>
> </filter>
> </focusSelector>
> </globalPolicyRule>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20240722/b4ee3860/attachment.htm>
More information about the midPoint
mailing list