Actions
Defect #3195
closed
Role synchronization shouldn't assign roles with validity based on contract validity
Start date:
09/14/2022
Due date:
% Done:
100%
Estimated time:
Description
Standard role synchronization with an assignment to users now creates concept role requests based on the validity of the contract. This is not correct since the roles are manually assigned and the validity will not change with the change of the contract's validity.
Updated by Tomáš Doischer over 1 year ago
On a technical note: RoleSynchronizationExecutor uses IdmRoleRequestService:createConcept where the validity is set. A simple fix is to create a method that doesn't do that but some further research is needed to make sure this functionality can surprise us elsewhere.
Updated by Ondřej Kopr over 1 year ago
For check current status for valid till and manually added groups is possible use the sql query:
select distinct i.username, ir.valid_till from idm_identity_role as ir join idm_identity_contract ic on ic.id = ir.identity_contract_id join idm_identity i on i.id = ic.identity_id where ir.valid_till is not null and ir.automatic_role_id is null and ir.role_composition_id is null;
For remove all valid till for manually added groups you can use:
update idm_identity_role set valid_till = null where valid_till is not null and automatic_role_id is null and role_composition_id is null;
Updated by Tomáš Doischer about 1 year ago
- Status changed from New to Needs feedback
- Assignee changed from Roman Kučera to Peter Štrunc
- % Done changed from 0 to 80
Implemented.
Updated by Tomáš Doischer about 1 year ago
- Status changed from Needs feedback to Resolved
- Assignee changed from Peter Štrunc to Tomáš Doischer
- Target version set to 13.1.0
- % Done changed from 80 to 100
Merged to develop.
Updated by Tomáš Doischer about 1 year ago
- Status changed from Resolved to Closed
- Target version changed from 13.1.0 to 13.0.1
Actions