[midPoint] prune & reconciliation
Yakov Revyakin
yrevyakin at gmail.com
Thu Feb 20 14:39:33 CET 2025
more precisely, it can be used during reconciliation only if a new entity
is adding
On Thu, 20 Feb 2025 at 15:37, Yakov Revyakin <yrevyakin at gmail.com> wrote:
> After some debugging I understood that prune makes sense only in
> context of adding a new entity, when it's clear what to leave and what must
> go. So, prune can't be used during reconciliation.
>
> On Thu, 20 Feb 2025 at 13:02, Yakov Revyakin <yrevyakin at gmail.com> wrote:
>
>> Hi all,
>> I can see that if policyActions are "record" or "enforcement" for
>> policyConstraints "exclusion" (SOD) then I can see appropriate evaluation
>> results after reconciliation if any relevant violations.
>> But if I use "prune" I can't see any changes running reconciliation -
>> conflicting roles are not unassigned.
>> Could someone explain why there is this difference in behavior? Is there
>> any way to force prune during reconciliation?
>> Thanks
>> Yakov
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20250220/c500e38b/attachment.htm>
More information about the midPoint
mailing list