Project

General

Profile

Actions
Copy link

Defect #3338

closed

Bulk action Stop managing accounts (without removing the assigning role) on systems with account protection leaves a broken AccIdentityAccount, following provisionings fail

Added by Alena Peterová over 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Peter Štrunc
Category:
Account managment
Target version:
13.0.6
Start date:
04/18/2023
Due date:
% Done:

100%

Estimated time:
Affected versions:
13.0.3
Owner:

Description

Tested on 13.0.3

Steps to reproduce:
  • enable account protection on a system
  • a user has a role, which assigns an account (here, the role is "PostgreSQL system tpersonidm2-users" and the system "PostgreSQL system tpersonidm2")
  • run bulk action "Stop managing accounts" on this account
  • the AccAccount is removed, but the AccIdentityAccount is not completely removed and still contains links to this object. It is not visible in the "Links to accounts" anymore, but you can see the audit:
  • if you try to resave the identity, or run bulk action Recalculate accounts, you get the following error and provisioning doesn't work
    org.springframework.orm.jpa.JpaObjectRetrievalFailureException: Unable to find eu.bcvsolutions.idm.acc.entity.AccAccount with id 332c8eff-15bd-4da1-b06a-a9fe1a8170f0; nested exception is javax.persistence.EntityNotFoundException: Unable to find eu.bcvsolutions.idm.acc.entity.AccAccount with id 332c8eff-15bd-4da1-b06a-a9fe1a8170f0
....

My use-case was to stop managing the account without deleting it on the target system. That means I can't remove the role first. I wanted to stop manage the account and remove the role afterwards.

Files

Download all files
audit_AccIdentityAccount.png (48.5 KB) audit_AccIdentityAccount.png Alena Peterová, 04/18/2023 12:52 PM
stop_managing_accounts.png (37 KB) stop_managing_accounts.png Alena Peterová, 04/18/2023 12:52 PM
links_to_accounts.png (45.7 KB) links_to_accounts.png Alena Peterová, 04/18/2023 12:52 PM
Actions
Copy link
 #1

Updated by Tomáš Doischer over 1 year ago

  • Sprint set to Sprint 13.1-5 (dub 19 - kvě 03)
  • Target version set to 13.0.4
Actions
Copy link
 #2

Updated by Peter Štrunc over 1 year ago

  • Target version changed from 13.0.4 to 13.0.5
Actions
Copy link
 #3

Updated by Peter Štrunc over 1 year ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 10

I am having issues replicating this. Following the mentioned steps does not produce the error on my machine and neither dos it in tests. I will need to dig a bit deeper here.

Actions
Copy link
 #4

Updated by Alena Peterová over 1 year ago

  • Subject changed from Bulk action Stop managing accounts (without removing the assigning role) leaves a broken AccIdentityAccount, following provisionings fail to Bulk action Stop managing accounts (without removing the assigning role) on systems with account protection leaves a broken AccIdentityAccount, following provisionings fail
  • Description updated (diff)

I found out that the issue occurs only when the account protection is enabled - please try it.

Actions
Copy link
 #5

Updated by Peter Štrunc over 1 year ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Peter Štrunc to Jan Potočiar
  • % Done changed from 10 to 80

I was able to replicate the issue with protected account. Fixed here https://github.com/bcvsolutions/CzechIdMng/pull/388

@potociarj could you check it out?

Actions
Copy link
 #6

Updated by Peter Štrunc over 1 year ago

  • Sprint changed from Sprint 13.1-5 (Apr 19 - May 03) to Sprint 13.0.5 - 1 (May 03 - May 17)
Actions
Copy link
 #7

Updated by Peter Štrunc over 1 year ago

  • Sprint changed from Sprint 13.0.5 - 1 (May 03 - May 17) to Sprint 13.0.5 - 2 (May 17 - May 29)
Actions
Copy link
 #8

Updated by Peter Štrunc over 1 year ago

  • Target version changed from 13.0.5 to 13.0.6
Actions
Copy link
 #9

Updated by Peter Štrunc over 1 year ago

  • Sprint changed from Sprint 13.0.5 - 2 (May 17 - May 29) to Sprint 13.0.5 - 3 (May 29 - Jun 12)
Actions
Copy link
 #10

Updated by Peter Štrunc over 1 year ago

  • Sprint changed from Sprint 13.0.5 - 3 (May 29 - Jun 12) to Sprint 13.0.5 - 4 (Jun 12 - Jun 26)
Actions
Copy link
 #11

Updated by Peter Štrunc over 1 year ago

  • Sprint changed from Sprint 13.0.5 - 4 (Jun 12 - Jun 26) to Sprint 13.0.6 - 5 (Jun 27 - Jun 28)
Actions
Copy link
 #12

Updated by Peter Štrunc over 1 year ago

  • Assignee changed from Jan Potočiar to Ondřej Kopr
Actions
Copy link
 #13

Updated by Ondřej Kopr over 1 year ago

  • Status changed from Needs feedback to Resolved
  • Assignee changed from Ondřej Kopr to Peter Štrunc
  • % Done changed from 80 to 100

Thanks for your fix.

After your changes Im not able to reproduce the issue. AccIdentityAccount is now correctly removed and original account is not in protection.

Actions
Copy link
 #14

Updated by Martin Kolombo about 1 year ago

  • Sprint changed from Sprint 13.0.6 - 5 (Jun 27 - Jun 28) to Sprint 13.0.5 - 3 (May 29 - Jun 12)
Actions
Copy link
 #15

Updated by Martin Kolombo about 1 year ago

  • Sprint changed from Sprint 13.0.5 - 3 (May 29 - Jun 12) to Sprint 13.0.5 - 2 (May 17 - May 29)
Actions
Copy link
 #16

Updated by Peter Štrunc about 1 year ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF