Project

General

Profile

Actions

Feature #1365

closed

Business default role in synchronization creates 2 links

Added by Alena Peterová about 6 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Low
Assignee:
Radek Tomiška
Category:
Synchronization
Target version:
Start date:
11/07/2018
Due date:
% Done:

100%

Estimated time:
Owner:

Description

Version: 9.3.0-SNAPSHOT

Situation:
  • "Business role" has two sub roles - "Sub role 1" and "AD user"
  • "AD user" has schema "AD"
  • Reconcilation of the system "AD" uses "Business role" as a default role, situation "Not Linked" is set to "Link and update account".
Result:
  • Identities have the role "Business role"
  • Identities have 2 Links to accounts - 1) assigned by role "AD user" and 2) assigned by role "Business role"

This is different result than when we assign "Business role" to a user - then there is only one link to account assigned by role "AD user".

This could create a problem in the future. If "AD user" is removed from the "Business role", then:
  • AD account is removed for identities, who had the role "Business role" assigned manually or automatically
  • AD account is not removed for identities, who had the role "Business role" assigned during synchronization

I set the priority as Low, because I don't really see any use case to set business role as default role for sync, at least not in simple environments.


Related issues

Related to IdStory Identity Manager - Task #1636: Redesign business roles assignmentClosedRadek Tomiška05/06/2019

Actions
Actions

Also available in: Atom PDF