Feature #1365

closed

Business default role in synchronization creates 2 links

Added by Alena Peterová about 6 years ago. Updated about 4 years ago.

Status: Closed
Priority: Low
Assignee: Radek Tomiška
Category: Synchronization
Target version:
Start date: 11/07/2018
Due date:
% Done: 100%
Estimated time:
Owner:

Description

Version: 9.3.0-SNAPSHOT

Situation:
  • "Business role" has two sub roles - "Sub role 1" and "AD user"
  • "AD user" has schema "AD"
  • Reconciliation of the system "AD" uses "Business role" as a default role; the situation "Not Linked" is set to "Link and update account".
Result:
  • Identities have the role "Business role"
  • Identities have 2 Links to accounts - 1) assigned by role "AD user" and 2) assigned by role "Business role"

This is a different result than when we assign "Business role" to a user - then there is only one link to the account, assigned by role "AD user".

This could create a problem in the future. If "AD user" is removed from the "Business role", then:
  • AD account is removed for identities who had the role "Business role" assigned manually or automatically
  • AD account is not removed for identities who had the role "Business role" assigned during synchronization

I set the priority to Low because I don't really see any use case for setting a business role as the default role for sync, at least not in simple environments.


Related issues

Related to IdStory Identity Manager - Task #1636: Redesign business roles assignment (Closed, Radek Tomiška, 05/06/2019)

#1

Updated by Vít Švanda over 5 years ago

  • Status changed from New to Needs feedback
  • Assignee changed from Vít Švanda to Radek Tomiška
  • Target version set to Quartz (9.6.3)

#2

Updated by Radek Tomiška over 5 years ago

  • Tracker changed from Defect to Feature
  • Status changed from Needs feedback to New
  • Assignee changed from Radek Tomiška to Vít Švanda

I checked the described behavior in version 9.6.0.

This ticket is not related to synchronous role request execution as I thought.

Possible solution: find all sub roles which are defined by the default business role at the start of synchronization (once) and check whether the system is mapped in some of the sub roles.
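
A simplified model of the behaviour reported in this ticket and of the possible solution above, added here as an illustration; it is not CzechIdM code or the linked commit, and every name in it (`all_sub_roles`, `reconcile`, `remove_sub_role`) is hypothetical. It shows why a second link owned by the default role leaves the AD account in place after "AD user" is removed from the business role.

```python
# Simplified model, not CzechIdM code: all names below are hypothetical.
SUB_ROLES = {"Business role": ["Sub role 1", "AD user"]}   # role composition
ROLE_SYSTEMS = {"AD user": {"AD"}}                          # role -> mapped systems


def all_sub_roles(role, seen=None):
    """Resolve the transitive sub roles of a role (done once per sync run)."""
    seen = set() if seen is None else seen
    for sub in SUB_ROLES.get(role, []):
        if sub not in seen:
            seen.add(sub)
            all_sub_roles(sub, seen)
    return seen


def reconcile(identities, system, default_role, check_sub_roles):
    """Handle "Not Linked" accounts with "Link and update account".

    Returns {identity: set of roles that own a link to the account}.
    """
    subs = all_sub_roles(default_role)                      # resolved once
    mapped_by_sub = {r for r in subs if system in ROLE_SYSTEMS.get(r, ())}
    links = {}
    for identity in identities:
        # Assigning the business role also assigns its sub roles, and each
        # sub role that maps the system owns one link to the account.
        owners = set(mapped_by_sub)
        # Reported behaviour: sync adds another link owned by the default role.
        # With the check enabled, that link is skipped when a sub role
        # already maps the system.
        if not (check_sub_roles and mapped_by_sub):
            owners.add(default_role)
        links[identity] = owners
    return links


def remove_sub_role(links, sub_role):
    """Drop links owned by a sub role removed from the business role.

    Returns the identities whose account survives through another link.
    """
    for owners in links.values():
        owners.discard(sub_role)
    return sorted(i for i, owners in links.items() if owners)
```

Identities returned by `remove_sub_role` still hold an account that no remaining role assignment justifies.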

#3

Updated by Vít Švanda over 5 years ago

  • Target version deleted (Quartz (9.6.3))

#4

Updated by Radek Tomiška about 4 years ago

  • Assignee changed from Vít Švanda to Radek Tomiška
  • Target version set to 10.6.0

#5

Updated by Radek Tomiška about 4 years ago

  • Related to Task #1636: Redesign business roles assignment added

#6

Updated by Radek Tomiška about 4 years ago

  • Status changed from New to Needs feedback
  • Assignee changed from Radek Tomiška to Vít Švanda
  • % Done changed from 0 to 90

Find duplicate identity account improved with sub roles - one identity account is created when the system is mapped by a sub role.

Commit:
https://github.com/bcvsolutions/CzechIdMng/commit/958d4446fcff262419853ab0ef31e1acd52304f4

Could you provide me with feedback, please?

#7

Updated by Vít Švanda about 4 years ago

  • Status changed from Needs feedback to Resolved
  • Assignee changed from Vít Švanda to Radek Tomiška
  • % Done changed from 90 to 100

I reviewed and tested it. The account has a relation only to the sub-role now. Nice usage of the new redesigned business roles. Thanks for that.

#8

Updated by Radek Tomiška about 4 years ago

  • Status changed from Resolved to Closed