Project

General

Profile

Actions
Copy link

Defect #3309

closed

Undefined account type: new group or password is not provisioned, account can't be edited after upgrade to 13

Added by Alena Peterová almost 2 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
High
Assignee:
Tomáš Doischer
Category:
Provisioning
Target version:
13.0.2
Start date:
03/22/2023
Due date:
% Done:

100%

Estimated time:
Affected versions:
13.0.0, 13.0.1
Owner:

Description

Tested on 13.0.1
Accounts that existed before upgrade from version 11 to 13 have undefined Account detail: "enums.AccountTypeEnum.undefined"

In such case, there are multiple issues:
  • provisioning for these accounts is not executed in following situations:
    • password change
    • adding a new role that fills a multivalued merge attribute (typically: AD group)
  • accounts can't be directly edited in the new GUI for the account detail

Note:
Executing provisioning (e.g. bulk action Provision without account recalculation) for these accounts seems to repair all of it - it adds "systemMapping" to the AccAccount. Please try to find some way to do migration for existing accounts without the need to execute provisioning for all accounts.

Files

accounttype.png (31.7 KB) accounttype.png Alena Peterová, 03/22/2023 09:11 AM

Related issues

Related to IdStory Identity Manager - Defect #3336: Wrong provisioning mapping and mixed identifiers after migrating accounts to version 13ClosedPeter Štrunc04/17/2023

Actions
Actions
Copy link
 #1

Updated by Alena Peterová almost 2 years ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by Tomáš Doischer over 1 year ago

  • Status changed from New to Needs feedback
  • Target version set to 13.0.2
  • % Done changed from 0 to 80

I was able to come up with a migration SQL script. It is implemented in exactly the same way as it is when recalculation accounts implemented in #3161.

I tested it and I think it works fine but @sourek can you test it as well?

UPDATE acc_account SET system_mapping_id = (
    SELECT
        mapping.id
    FROM
        sys_schema_obj_class AS schema_object
    LEFT JOIN acc_account AS account ON account.system_id = schema_object.system_id
    LEFT JOIN sys_system_mapping AS mapping ON mapping.object_class_id = schema_object.id
    WHERE mapping.operation_type = 'PROVISIONING' AND account.entity_type = mapping.entity_type
    LIMIT 1
);
Actions
Copy link
 #3

Updated by Peter Štrunc over 1 year ago

Looks fine. I think that it should be a part of the migration guide. Could you add it there?

Actions
Copy link
 #4

Updated by Peter Štrunc over 1 year ago

  • Status changed from Needs feedback to In Progress
  • Assignee changed from Peter Štrunc to Tomáš Doischer
  • % Done changed from 80 to 90
Actions
Copy link
 #5

Updated by Tomáš Doischer over 1 year ago

  • Status changed from In Progress to Resolved
  • % Done changed from 90 to 100

Thanks, I added the script plus some extra information to the migration guide.

Actions
Copy link
 #6

Updated by Tomáš Doischer over 1 year ago

  • Status changed from Resolved to Closed
Actions
Copy link
 #7

Updated by Alena Peterová over 1 year ago

  • Related to Defect #3336: Wrong provisioning mapping and mixed identifiers after migrating accounts to version 13 added
Actions
Copy link

Also available in: Atom PDF