Defect #2415
closed
Business roles has subroles with mapped system and merge attribute. When you delete for example 2 subroles, one of them still remain on the end system
100%
Description
Use case:
Business role "role" has 3 subroles:
"subrole 1" - has mapped system system and override multivalue merge attribute
"subrole 2" - has mapped system system and override multivalue merge attribute
"subrole 3" - has mapped system system and override multivalue merge attribute
You have some user which has account on this end system and has role "role"
If you delete for example 2 subroles from "role" together, one of them will still remain on the end system. E.g remove "subrole 1" and "subrole 2" by checking checkbox and deleting one of them will still remain on the end system.
It looks like that provisioning is executed before the role is removed from user in IdM.
Result:
User has still some permission on end system until next re-save for this user.
Workaround:
Re-save all users after you delete some subroles?
Related issues
Updated by Radek Tomiška over 4 years ago
Workaround: Run account management on users.
Updated by Radek Tomiška over 4 years ago
- Target version set to 10.4.3
I will add validation to prevent change business role simultaneously => wait before one change (by asynchronous task) is completed.
Updated by Radek Tomiška over 4 years ago
- Target version changed from 10.4.3 to 10.4.4
Updated by Radek Tomiška over 4 years ago
- Status changed from New to In Progress
Updated by Radek Tomiška over 4 years ago
- Affected versions Malachite (9.0.0), Moonstone (9.1.0), Moonstone (9.1.1), Morganite (9.2.0), Morganite (9.2.1), Morganite (9.2.2), Onyx (9.3.0), Onyx (9.3.1), Opal (9.4.0-rc.1), Onyx (9.3.2), Onyx (9.3.3), Opal (9.4.0-rc.2), Onyx (9.3.4), Opal (9.4.0), Pyrite (9.5.0), Pyrite (9.5.1), Pyrite (9.5.2), Pyrite (9.5.3), Pyrite (9.5.4), Quartz (9.6.0), Quartz (9.6.1), Quartz (9.6.2), Quartz (9.6.3), Quartz (9.6.4), Quartz (9.6.5), Pyrite (9.5.1.2), Quartz (9.6.6), Rhyolite (9.7.0), Rhyolite (9.7.2), Rhyolite (9.7.3), Rhyolite (9.7.4), Rhyolite (9.7.5), Rhyolite (9.7.6), Rhyolite (9.7.7), Rhyolite (9.7.8), Rhyolite (9.7.9), Rhyolite (9.7.10), Rhyolite (9.7.11), Rhyolite (9.7.12), Rhyolite (9.7.13), 10.0.0, 10.4.2, 10.4.3 added
Updated by Radek Tomiška over 4 years ago
- Target version changed from 10.4.4 to 10.5.0
Updated by Radek Tomiška over 4 years ago
- Related to Task #1636: Redesign business roles assignment added
Updated by Radek Tomiška over 4 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Radek Tomiška to Vít Švanda
- % Done changed from 0 to 90
Business roles are processed asynchronously and cannot run simultaneously - all business role changes (add, delelte) are processing by LRT queue.
Commit:
https://github.com/bcvsolutions/CzechIdMng/commit/030ac042658f97a5ba997cacd8ac76aefbc7cc9e
Could you provide me a feedback, please?
Updated by Vít Švanda over 4 years ago
- Status changed from Needs feedback to Resolved
- Assignee changed from Vít Švanda to Radek Tomiška
- % Done changed from 90 to 100
I did reivew and tested it. Only one sub role can be deleted in same time. This prevents occurring of this problem. Maybe creating bulk action for delete subroles will cause better UX (in future). LGTM
Updated by Radek Tomiška over 4 years ago
- Status changed from Resolved to Closed
Updated by Radek Tomiška about 4 years ago
- Related to Task #2498: Automatic roles: prevent to recount automatic roles simultaneously added