Feature #1365
closed
Business default role in synchronization creates 2 links
100%
Description
Version: 9.3.0-SNAPSHOT
Situation:- "Business role" has two sub roles - "Sub role 1" and "AD user"
- "AD user" has schema "AD"
- Reconcilation of the system "AD" uses "Business role" as a default role, situation "Not Linked" is set to "Link and update account".
- Identities have the role "Business role"
- Identities have 2 Links to accounts - 1) assigned by role "AD user" and 2) assigned by role "Business role"
This is different result than when we assign "Business role" to a user - then there is only one link to account assigned by role "AD user".
This could create a problem in the future. If "AD user" is removed from the "Business role", then:- AD account is removed for identities, who had the role "Business role" assigned manually or automatically
- AD account is not removed for identities, who had the role "Business role" assigned during synchronization
I set the priority as Low, because I don't really see any use case to set business role as default role for sync, at least not in simple environments.
Related issues
Updated by Vít Švanda over 5 years ago
- Status changed from New to Needs feedback
- Assignee changed from Vít Švanda to Radek Tomiška
- Target version set to Quartz (9.6.3)
Updated by Radek Tomiška over 5 years ago
- Tracker changed from Defect to Feature
- Status changed from Needs feedback to New
- Assignee changed from Radek Tomiška to Vít Švanda
I checked the described behavior in version 9.6.0.
This ticket is not related to synchronous role request execution as I thought.
Possible solution: find all sub roles, which are defined by default business role at the start of synchronization (once) and check system is mapped in some of sub roles.
Updated by Radek Tomiška about 4 years ago
- Assignee changed from Vít Švanda to Radek Tomiška
- Target version set to 10.6.0
Updated by Radek Tomiška about 4 years ago
- Related to Task #1636: Redesign business roles assignment added
Updated by Radek Tomiška about 4 years ago
- Status changed from New to Needs feedback
- Assignee changed from Radek Tomiška to Vít Švanda
- % Done changed from 0 to 90
Find duplicate identity account improved with sub roles - one identity account is created, when system is mapped by sub role.
Commit:
https://github.com/bcvsolutions/CzechIdMng/commit/958d4446fcff262419853ab0ef31e1acd52304f4
Could you provide me a feedback, please?
Updated by Vít Švanda about 4 years ago
- Status changed from Needs feedback to Resolved
- Assignee changed from Vít Švanda to Radek Tomiška
- % Done changed from 90 to 100
I did review and tested it. Account has relation only on sub-role now. Nice usage of new redesigned business roles. Thanks for that.
Updated by Radek Tomiška about 4 years ago
- Status changed from Resolved to Closed