<div dir="ltr"><div>I decided to create a new topic to exclude noise from my previous one: "Import and assignmentPolicyEnforcement=none".</div><div><br></div><div>Using things from popular Midpoint page</div><div><a href="https://docs.evolveum.com/midpoint/reference/concepts/activation/disable-instead-of-delete/">https://docs.evolveum.com/midpoint/reference/concepts/activation/disable-instead-of-delete/</a><br></div>I have found that the approach when we want to save non-legal accounts from deletion works fine but with one exclusion.<div><br></div><div>If we have a user with active assignment of the resource and assignmentPolicyEnforcement=none and we have the following definition for existence</div><div> <br><div><existence><br>    <outbound><br>        <strength>weak</strength><br>        <expression><br>            <path>$focusExists</path><br>        </expression><br>    </outbound><br></existence><br></div></div><div><br></div><div>then any user update (import, recon) results in creating a new resource account.</div><div>It looks like the existence definition disregards assignmentPolicyEnforcement=none.</div><div><br></div><div>This behavior influences the migration phase when we want to manage creating of users and linking existing accounts of target systems to them. </div><div><br></div><div>I don't know if this is a bug or a feature. Probably someone can comment?</div><div><br></div><div>Also there is a workaround - if we rewrite existence definition in the following way the problem goes:<br><existence><br>    <outbound><br>        <strength>weak</strength><br>        <expression><br>            <path>$focusExists</path><br>        </expression><br>        <condition><br>            <script><br>                <code><br>                    return shadow != null<br>                </code><br>            </script><br>        </condition><br>    </outbound><br></existence><br>   </div><div><br></div><div><br></div></div>