[midPoint] globalPolicyRule : how works operation=delete

Black, Carey Matthew blackcm at purdue.edu
Fri Jun 21 14:38:44 CEST 2024


Slavek,

I appreciate the explanation about what this part really means on how midPoint processes things.
"
>           <modification>
>                  <operation>delete</operation>
>                  <item>emailAddress</item>
>              </modification>
"

It sounds to me like the OP (original poster) was trying to do too many things with a single rule.
How many rules would you create to achieve the desired behavior?



The stated desire was:
"
I want to add/update a field dateOfModificationOfTheMail when we add/update the field emailAddress, or delete this date when emailAddress is deleted
"

The original rule was reported to have handled the add/update when a value is set or modified.
How should the OP implement ", or delete this date ("a field dateOfModificationOfTheMail") when emailAddress is deleted" ?


I assume that would be an operation=modify
"
>              <modification>
>                  <operation>modify</operation>
>                  <item>emailAddress</item>
>              </modification>
"

But I don't follow how to test for emailAddress being set to null?

Thanks in advance.

-- 
Carey Matthew Black

-----Original Message-----
From: midPoint <midpoint-bounces at lists.evolveum.com> On Behalf Of Slavek Licehammer via midPoint
Sent: Friday, June 21, 2024 3:55 AM
To: midpoint at lists.evolveum.com
Cc: Slavek Licehammer <slavek at evolveum.com>
Subject: Re: [midPoint] globalPolicyRule : how works operation=delete


Hi Pascal.

The "operation" is related to the whole focus object, in this case the User object. The "item" specifies that modification of the configured item needs to be part of the operation.

Examples when the individual constraints are triggered:

operation=add, item=emailAddress
Triggers when you create (ADD) a new user who has non-empty emailAddress.

operation=modify, item=emailAddress
Triggers when you modify emailAddress of an existing user. Technically you are modifying the user object and item=emailAddress means the emailAddress property needs to be part of the modification.

operation=delete, item=emailAddress
Triggers when you delete a user who has non-empty emailAddress. Operation is delete, so you need to delete the whole user object to trigger it. Having also item=emailAddress means the policy will trigger only if emailAddress will be changed as part of deletion of the User. In other words, if emailAddress is non-empty it will be modified as part of the deletion of the whole object and therefore it will trigger the policy.

Hope this helps.

   Slavek



On 20/06/2024 16:44, Pascal PERICHON via midPoint wrote:
> Hi,
>
> I have a problem understanding how the "<operation>delete</operation>" works in the following example: I want to add/update a field dateOfModificationOfTheMail when we add/update the field emailAddress, or delete this date when emailAddress is deleted:
>
>     <globalPolicyRule>
>         <focusSelector>
>             <type>UserType</type>
>         </focusSelector>
>         <policyConstraints>
>             <modification>
>                 <operation>add</operation>
>                 <operation>modify</operation>
>                 <operation>delete</operation>
>                 <item>emailAddress</item>
>             </modification>
>         </policyConstraints>
>         <policyActions>
>             <scriptExecution>
>                 <executeScript xmlns:s="<rewrite of a garbage safelink injected by my mail system was removed, not sure what should be here">
>                     <s:action>
>                         <s:type>execute-script</s:type>
>                         <s:parameter>
>                             <s:name>script</s:name>
>                             <value xsi:type="c:ScriptExpressionEvaluatorType">
>                                 <code>
>                                     log.info("------> I should add/update the field dateOfModificationOfTheMail or delete this date the mail is deleted")
>                                 </code>
>                             </value>
>                         </s:parameter>
>                     </s:action>
>                 </executeScript>
>             </scriptExecution>
>         </policyActions>
>     </globalPolicyRule>
>
> it works fine for operation=add/modify but nothing is triggered for operation=delete.
>
> I tried removing all operation tags (supposed to act as if the add/modify/delete tags were all there): same result.
>
> The documentation https://docs.evolveum.com/midpoint/devel/design/policy-constraints/#currently-implemented-constraints/ seems to say that's implemented (I use midPoint 4.4.8).
>
> Any ideas ?
>
> Thanks
>
> ---
>
> Pascal Périchon
> Université Paris Cité
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> rewrite of a garbage safelink injected by my mail system was removed, not sure what should be here
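Added example, not part of the original thread and not midPoint code: a simplified Python model of the trigger semantics Slavek describes, run over constructed operations to show that removing the emailAddress value from an existing user is a modify of the user, not a delete. `Delta`, `Constraint` and `classify` are hypothetical names, and telling "set" from "cleared" by looking at the resulting value is an assumption of this sketch.

```python
# Simplified model of the constraint semantics explained in this thread.
# Hypothetical names throughout; this is not midPoint's implementation.
from dataclasses import dataclass, field


@dataclass
class Delta:
    """One operation on a whole focus object (here: a user)."""
    operation: str                               # "add", "modify" or "delete" of the USER
    before: dict = field(default_factory=dict)   # item values before the operation
    after: dict = field(default_factory=dict)    # item values after the operation

    def changed_items(self):
        keys = set(self.before) | set(self.after)
        return {k for k in keys if self.before.get(k) != self.after.get(k)}


@dataclass
class Constraint:
    operations: tuple   # object-level operations the rule listens to
    item: str           # item that must be part of the change

    def triggers(self, delta):
        return delta.operation in self.operations and self.item in delta.changed_items()


def classify(delta, item="emailAddress"):
    """What a policy action would have to do with dateOfModificationOfTheMail."""
    rule = Constraint(("add", "modify", "delete"), item)
    if not rule.triggers(delta):
        return "no-trigger"
    if delta.operation == "delete":
        return "user-deleted"          # whole object is going away
    # Assumption: an empty resulting value means the mail was removed.
    return "set-date" if delta.after.get(item) else "clear-date"


# Constructed sample operations.
SAMPLES = {
    "create user with mail": Delta("add", {}, {"emailAddress": "a@example.org"}),
    "change mail": Delta("modify", {"emailAddress": "a@example.org"}, {"emailAddress": "b@example.org"}),
    "remove mail value": Delta("modify", {"emailAddress": "b@example.org"}, {}),
    "rename only": Delta("modify", {"name": "x"}, {"name": "y"}),
    "delete user with mail": Delta("delete", {"emailAddress": "b@example.org"}, {}),
    "delete user without mail": Delta("delete", {"name": "x"}, {}),
}

if __name__ == "__main__":
    for label, delta in SAMPLES.items():
        print(f"{label:26} -> {classify(delta)}")
```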