<div dir="ltr"><div>Thanks for the info, Ivan.</div><div><br></div><div>In regards to unlinking, our mappings and correlation expressions work in a way that, if a deactivated user would be unlinked the account, it would not be linked again. But I understand it would be an issue for a lot of cases.</div><div>The best practice would be to delete the user in midPoint.</div><div><br></div><div>The main reason behind this is that I want to keep the AD login account intact so the Exchange mailbox is not lost when a user leaves. <br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr">Em qui, 9 de ago de 2018 às 05:56, Ivan Noris <<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>> escreveu:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Hi,</p>
<p>just to inform you that we are already tracking:</p>
<p> <a class="m_7320881063399096488m_-6361799743803380685moz-txt-link-freetext" href="https://jira.evolveum.com/browse/MID-2142" target="_blank">https://jira.evolveum.com/browse/MID-2142</a> (Capabilities per
objectType (e.g. Delete capability only for some intents)</p>
<p>and <br>
</p>
<p><a class="m_7320881063399096488m_-6361799743803380685moz-txt-link-freetext" href="https://jira.evolveum.com/browse/MID-2144" target="_blank">https://jira.evolveum.com/browse/MID-2144</a> (Configured
capabilities - add a way to ignore instead of "Operation not
supported" error)</p>
<p>There are marked as "subscription needed", so you may want to use
a subscription to prioritize them.<br>
</p>
<p>Related to unlinking: I'm not aware of any way, but even if there
was a way how to unlink an account (probably it's possible using
bulk tasks), the account would be linked back if any
synchronization would run for that resource and unlinked->link
reaction would be specified. This is because unlink = dropping
linkRef reference from user object to shadow, but the shadow would
still remain in the repository. Even if the shadow would not
remain, it would be recreated upon next reconciliation with the
system, as the account still exists.</p>
<p>So the best option would be avoid deletion of the accounts by
using configured capabilities, but as you correctly stated, the
current behaviour would apply for all objects on the resource
(accounts, groups etc.). That's why we are tracking the features
in our JIRA.<br>
</p>
<p>Best regards,</p>
<p>Ivan<br>
</p>
<br>
<div class="m_7320881063399096488m_-6361799743803380685moz-cite-prefix">On 08.08.2018 21:57, Alcides Carlos de
Moraes Neto wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Hello list,</div>
<div><br>
</div>
<div>Quick question: Is it possible to not delete, but unlink
accounts when a user is deleted and/or unassigned from the
account?</div>
<div><br>
</div>
<div>Right now I'm able to disable instead of delete, but the
account remains linked to the user.</div>
<div>I would like to either delete the user without deleting the
account, or unlink the user from the account automatically. <br>
</div>
<div><br>
</div>
<div>I have simulated this by removing the "delete" capability
from the resource, but this is not viable, as I need to be
able to delete groups, but not users.<br>
</div>
<div><br>
</div>
<div>Thanks!<br>
</div>
</div>
<br>
<fieldset class="m_7320881063399096488m_-6361799743803380685mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a class="m_7320881063399096488m_-6361799743803380685moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a class="m_7320881063399096488m_-6361799743803380685moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="m_7320881063399096488m_-6361799743803380685moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div>