Project

General

Profile

Actions

Defect #2605

closed

Automatic role by attribute generates duplicate role requests and assignes subroles directly

Added by Vladimír Kotýnek about 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
High
Assignee:
Radek Tomiška
Category:
Automatic roles
Target version:
Start date:
12/09/2020
Due date:
% Done:

100%

Estimated time:
Affected versions:
Owner:

Description

I have role "FileSystemGroup_auto" which has a subrole "FileSystemGroup". The role "FileSystemGroup" has another super roles (200). The "FileSystemGroup_auto" role has no other super or sub roles. The "FileSystemGroup" has no subrole at all.

I have created an automatic role by attribute that assignes "FileSystemGroup_auto" with rules:
  • EAV of contract Attribute1 - value equals "ABC"
  • EAV of contract Attribute2 - value equals "Exampleíř 123" (contains these chars of Czech alphabet, a space and three numbers - it should represent a name and number)

Attribute1 and Attribute2 are single-value shortText attributes from the main definition of IdmIdentityContract.

Over 700 identities fulfill the conditions for the automatic role role.
LRT assigning the role processed more then 1.5 million items and created about 1.5 million role requests and events before being canceled.

Identities for whom the requests were executed has the role "FileSystemGroup_auto" assigned once as an automatic role. But they also have the "FileSystemGroup" assigned directly in some cases several hundred times (500x, 200x, 150x...).

@sourek @kopro Please add more details from debug

CzechIdM 10.6.3 runs on PostgreSQL database, version: PostgreSQL 9.6.19 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-39), 64-bit


Files

3.png (98.2 KB) 3.png Ondřej Kopr, 12/10/2020 07:31 AM
4.png (138 KB) 4.png Ondřej Kopr, 12/10/2020 07:31 AM
2.png (164 KB) 2.png Ondřej Kopr, 12/10/2020 07:31 AM
1.png (173 KB) 1.png Ondřej Kopr, 12/10/2020 07:31 AM

Related issues

Related to IdStory Identity Manager - Task #1636: Redesign business roles assignmentClosedRadek Tomiška05/06/2019

Actions
Related to IdStory Identity Manager - Defect #2404: Provisioning operations from event and sync. created at the same time can be executed in wrong orderClosedRadek Tomiška07/27/2020

Actions
Related to IdStory Identity Manager - Defect #2495: Duplicit automatic roles given by two events and asynchronous role request in same timeClosedRadek Tomiška09/17/2020

Actions
Related to IdStory Identity Manager - Defect #2637: LRT: IdentityRoleExpirationTaskExecutor process duplicate assigned roles (duplicate role requests are created in the cycle)ClosedRadek Tomiška01/11/2021

Actions
Actions

Also available in: Atom PDF