[midPoint] globalPolicyRule : how works operation=delete

Pascal PERICHON pascal.perichon at u-paris.fr
Sun Jun 23 20:01:57 CEST 2024


Hi,

Thanks for that explanation and now things are more clear:

- "operation" is related to the whole focus object
- as explained in the documentation "Constraint that triggers on focal 
object modification, addition or deletion"
- operation=modify, item=emailAddress, triggers when modify emailAddress 
of existing user (i.e. modification of focal object).

operation=modify constraint on UserType object is triggered when I add, 
modify *AND DELETE* the attribute "emailAddress" (modification of focal 
object):

        <policyConstraints>
                <modification>
                     <operation>modify</operation>
                     <item>emailAddress</item>
                </modification>
        </policyConstraints>

It works as explained in the documentation, that's great.
It was not working for me for delete because I didn't see that I put a 
filter in the globalPolicyRule :

             <q:not>
                 <q:equal>
                     <q:path>emailAddress</q:path>
                 </q:equal>
             </q:not>

ooppss

Thanks

---
Pascal Périchon
Université Paris Cité


On 21/06/2024 at 09:54, Slavek Licehammer via midPoint wrote:
> Hi Pascal.
>
> The "operation" is related to the whole focus object, in this case the 
> User object. The "item" specifies that modification of configured item 
> needs to be part of the operation.
>
> Examples when the individual constraints are triggered:
>
> operation=add, item=emailAddress
> Triggers when you create (ADD) a new user who has non-empty emailAddress.
>
> operation=modify, item=emailAddress
> Triggers when you modify emailAddress of an existing user. Technically you 
> are modifying the user object and item=emailAddress means the 
> emailAddress property needs to be part of the modification.
>
> operation=delete, item=emailAddress
> Triggers when you delete a user who has non-empty emailAddress. 
> Operation is delete, so you need to delete the whole user object to 
> trigger it. Having also item=emailAddress means the policy will 
> trigger only if emailAddress will be changed as part of deletion of 
> the User. In other words, if emailAddress is non-empty it will be 
> modified as part of the deletion of the whole object and therefore it 
> will trigger the policy.
>
> Hope this helps.
>
>   Slavek
>
>
>
> On 20/06/2024 16:44, Pascal PERICHON via midPoint wrote:
>> Hi,
>>
>> I have trouble understanding how the 
>> "<operation>delete</operation>" works in the following example: I want to 
>> add/update a field dateOfModificationOfTheMail when we add/update the 
>> field emailAddress, or delete this date when emailAddress is deleted:
>>
>>      <globalPolicyRule>
>>          <focusSelector>
>>              <type>UserType</type>
>>          </focusSelector>
>>          <policyConstraints>
>>              <modification>
>>                  <operation>add</operation>
>>                  <operation>modify</operation>
>>                  <operation>delete</operation>
>>                  <item>emailAddress</item>
>>              </modification>
>>          </policyConstraints>
>>          <policyActions>
>>              <scriptExecution>
>>                  <executeScript xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3">
>>                      <s:action>
>>                          <s:type>execute-script</s:type>
>>                          <s:parameter>
>>                              <s:name>script</s:name>
>>                              <value xsi:type="c:ScriptExpressionEvaluatorType">
>>                                  <code>
>>                                      log.info("------> I should add/update the field dateOfModificationOfTheMail or delete this date the mail is deleted")
>>                                  </code>
>>                              </value>
>>                          </s:parameter>
>>                      </s:action>
>>                  </executeScript>
>>              </scriptExecution>
>>          </policyActions>
>>      </globalPolicyRule>
>>
>> it works fine for operation=add/modify but nothing is triggered for 
>> operation=delete.
>>
>> I tried to remove all operation tags (supposed to act as if 
>> add/modify/delete tags are all there): same result.
>>
>> The documentation 
>> https://docs.evolveum.com/midpoint/devel/design/policy-constraints/#currently-implemented-constraints 
>> seems to say that's implemented (I use midPoint 4.4.8).
>>
>> Any ideas ?
>>
>> Thanks
>>
>> ---
>>
>> Pascal Périchon
>> Université Paris Cité
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> https://lists.evolveum.com/mailman/listinfo/midpoint
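A check for the pitfall discussed in this thread, as an added example that is not part of the original messages or of midPoint itself: it parses a globalPolicyRule and warns when a focusSelector filter tests the same item a modification constraint watches, or when operation=delete is combined with an item. The sample rule is constructed; the namespace URIs, the placement of the filter in `<focusSelector><filter>`, and the helper names are assumptions.

```python
# Added example: lint a midPoint globalPolicyRule for the pitfall in this thread.
import xml.etree.ElementTree as ET

# Constructed sample rule; the namespace URIs and the <filter> placement are assumptions.
SAMPLE = """
<globalPolicyRule xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                  xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3">
  <focusSelector>
    <type>UserType</type>
    <filter><q:not><q:equal><q:path>emailAddress</q:path></q:equal></q:not></filter>
  </focusSelector>
  <policyConstraints>
    <modification>
      <operation>modify</operation>
      <item>emailAddress</item>
    </modification>
  </policyConstraints>
</globalPolicyRule>
"""

def find_all(elem, name):
    """All descendants (and elem itself) whose tag, namespace stripped, equals name."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def texts(elem, name):
    """Stripped text of every non-empty <name> element under elem."""
    return {e.text.strip() for e in find_all(elem, name) if e.text and e.text.strip()}

def lint_rule(rule_xml):
    """Return a list of warnings for one <globalPolicyRule> XML string."""
    rule = ET.fromstring(rule_xml)
    warnings = []
    # Item paths tested by any filter inside <focusSelector>.
    filtered = set()
    for selector in find_all(rule, "focusSelector"):
        filtered |= texts(selector, "path")
    for mod in find_all(rule, "modification"):
        ops, items = texts(mod, "operation"), texts(mod, "item")
        for item in sorted(items & filtered):
            warnings.append(f"focusSelector filter tests '{item}', the item this rule "
                            "watches; the rule applies only to objects passing the filter")
        if items and ops == {"delete"}:
            warnings.append("operation=delete needs deletion of the whole focus object; "
                            "removing an item's value is operation=modify")
    return warnings

if __name__ == "__main__":
    for w in lint_rule(SAMPLE):
        print("WARNING:", w)
```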