[midPoint] globalPolicyRule : how works operation=delete

[Slavek Licehammer]

Hi Pascal.

The "operation" is related to the whole focus object, in this case the User object. The "item" specifies that modification of configured item needs to be part of the operation.

Examples when the individual constraints are triggered:

operation=add, item=emailAddress
Triggers when you create (ADD) a new user who has non-empty emailAddress.

operation=modify, item=emailAddress
Triggers when modify emailAddress of existing user. Technically you are modifying the user object and  item=emailAddress means the emailAddress property needs to be part of the modification.

operation=delete, item=emailAddress
Triggers when you delete a user who has non-empty emailAddress. Operation is delete, so you need to delete the whole user object to trigger it. Having also item=emailAddress means the policy will trigger only if emailAddress will be changed as part of deletion of the User. In other words, if emailAddress is non-empty it will be modified as part of the deletion of the whole object and therefore it will trigger the policy.

Hope this helps.

   Slavek



On 20/06/2024 16:44, Pascal PERICHON via midPoint wrote:
> Hi,
> 
> I've got a problem to understand how works the "<operation>delete</operation>" in the following example : I want to add/update a field dateOfModificationOfTheMail when we add/update the field emailAddress, or delete this date when emailAddress is deleted :
> 
> /    <globalPolicyRule>
> //        <focusSelector>
>              <type>UserType</type>
>          </focusSelector>
> //        <policyConstraints>
>              <modification>
>                  <operation>add</operation>
>                  <operation>modify</operation>
>                  <operation>delete</operation>
>                  <item>emailAddress</item>
>              </modification>
>          </policyConstraints>
>          <policyActions>
>              <scriptExecution>
>                  <executeScript xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3">
>                      <s:action>
> <s:type>execute-script</s:type>
>                          <s:parameter>
>                              <s:name>script</s:name>
>                              <value xsi:type="c:ScriptExpressionEvaluatorType">
>                                  <code>
>                                      log.info("------> I should add/update the field dateOfModificationOfTheMail or delete this date the mail is deleted")
>                              </code>
>                              </value>
>                          </s:parameter>
>                      </s:action>
>                  </executeScript>
>              </scriptExecution>
>          </policyActions>
>      </globalPolicyRule>
> /
> 
> it works fine for operation=add/modify but nothing is triggered for operation=delete.
> 
> I tried to remove all operations tags (supposed to act like if add/modify/delete tags are all there): same result.
> 
> The documentation /https://docs.evolveum.com/midpoint/devel/design/policy-constraints/#currently-implemented-constraints/ seems to say that's implemented (I use midPoint 4.4.8).
> 
> Any ideas ?
> 
> Thanks
> 
> ---
> 
> Pascal Périchon
> Université Paris Cité
> 
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint