Defect #1211
closedCannot delete user
100%
Description
I cannot delete user with these conditions:
- User has just one future contract
- User has automatic role with forward provisioning for System
- System has protection mode
Bulk remove action on this user is failing on protection but when I open the user, his account is not in protected mode.
Updated by Ondřej Kopr over 5 years ago
- Target version set to Malachite (9.0.0)
Its required propagate flag for force delete from processor IdentityAccountDeleteProcessor flag FORCE_DELETE_OF_IDENTITY_ACCOUNT_KEY to processor AccountDeleteProcessor line 116
Updated by Vít Švanda over 5 years ago
- Status changed from New to In Progress
- Assignee changed from Ondřej Kopr to Vít Švanda
Updated by Vít Švanda over 5 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Vít Švanda to Radek Tomiška
- Target version changed from Malachite (9.0.0) to Jade (8.1.4)
- % Done changed from 0 to 90
Bulk remove action on this user is failing on protection but when I open the user, his account is not in protected mode.
- There is simple explanation. Delete of identity caused delete of identity-account, that caused switching account to protection mode. Tryed to delete of protected account caused the exception and this exception caused rollback of transaction in LRT. So every changes is gone.
- For this case was implemented force delete on the identity-account service. This force delete try to delete identity-account relations even if account is in the protected mode. In this case we don't want delete the AccAccount (only relations) and here was the problem.
I fixed this (and added test) in the commit: https://github.com/bcvsolutions/CzechIdMng/commit/c535a7b135e919aaf8b24178fe914b38944cfec2
Documentation: https://wiki.czechidm.com/devel/documentation/accounts/dev/protection-system#basic_use_case_scenario
Updated by Marcel Poul over 5 years ago
Thank you Vítek,
We just got call from our customer where he complains about "basic IdM malfunctions" and the fix will really help
Marcel
Updated by Vít Švanda over 5 years ago
To clarify, this "problem" was very easy to bypass with temporary turn off the protected mode (during the deletion of identity).
Updated by Radek Tomiška over 5 years ago
- Status changed from Needs feedback to Closed
- Assignee changed from Radek Tomiška to Vít Švanda
- % Done changed from 90 to 100
I did test and review, it works, thx!