[midPoint] prune & reconciliation
Yakov Revyakin
yrevyakin at gmail.com
Thu Feb 20 14:37:25 CET 2025
After some debugging I understood that prune makes sense only in context of
adding a new entity, when it's clear what to leave and what must go. So,
prune can't be used during reconciliation.
On Thu, 20 Feb 2025 at 13:02, Yakov Revyakin <yrevyakin at gmail.com> wrote:
> Hi all,
> I can see that if policyActions are "record" or "enforcement" for
> policyConstraints "exclusion" (SOD) then I can see appropriate evaluation
> results after reconciliation if any relevant violations.
> But if I use "prune" I can't see any changes running reconciliation -
> conflicting roles are not unassigned.
> Could someone explain why there is this difference in behavior? Is there
> any way to force prune during reconciliation?
> Thanks
> Yakov
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20250220/6cabab46/attachment.htm>
More information about the midPoint
mailing list