Project

General

Profile

Actions

Defect #3070

closed

Account in "protection" is not linked when assigned business role also assignes a group role

Added by Vladimír Kotýnek almost 3 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
High
Assignee:
Peter Štrunc
Category:
Account managment
Target version:
Start date:
03/09/2022
Due date:
% Done:

100%

Estimated time:
Affected versions:
Owner:

Description

User in my environment had an account on a system SYS. He lost all roles for this system in the past. System SYS has "protection" set in the provisioning mapping so the account is never deleted. Now the user was moved to a new position which has an automatic business role that assignes a basic role R1 for this system SYS and also assignes roles R2 and R3 that assigns the user to groups in that system SYS. Roles R2 and R3 have the "Automatically create accounts" option set to false (and it can't be set to true for practical reasons).
The role request fails with this message:

java.lang.IllegalArgumentException: Dto lookup for dto type [class eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto] attribute [roleSystem] is not supported.
    at eu.bcvsolutions.idm.core.model.service.impl.DefaultLookupService.lookupEmbeddedDto(DefaultLookupService.java:164)
    at 

Actions

Also available in: Atom PDF