Defect #3338
closed
Bulk action Stop managing accounts (without removing the assigning role) on systems with account protection leaves a broken AccIdentityAccount, following provisionings fail
100%
Description
Tested on 13.0.3
Steps to reproduce:- enable account protection on a system
- a user has a role, which assigns an account (here, the role is "PostgreSQL system tpersonidm2-users" and the system "PostgreSQL system tpersonidm2")
- run bulk action "Stop managing accounts" on this account
- the AccAccount is removed, but the AccIdentityAccount is not completely removed and still contains links to this object. It is not visible in the "Links to accounts" anymore, but you can see the audit:
- if you try to resave the identity, or run bulk action Recalculate accounts, you get the following error and provisioning doesn't work
org.springframework.orm.jpa.JpaObjectRetrievalFailureException: Unable to find eu.bcvsolutions.idm.acc.entity.AccAccount with id 332c8eff-15bd-4da1-b06a-a9fe1a8170f0; nested exception is javax.persistence.EntityNotFoundException: Unable to find eu.bcvsolutions.idm.acc.entity.AccAccount with id 332c8eff-15bd-4da1-b06a-a9fe1a8170f0 ....
My use-case was to stop managing the account without deleting it on the target system. That means I can't remove the role first. I wanted to stop manage the account and remove the role afterwards.
Files
Updated by Tomáš Doischer about 1 year ago
- Sprint set to Sprint 13.1-5 (dub 19 - kvě 03)
- Target version set to 13.0.4
Updated by Peter Štrunc about 1 year ago
- Target version changed from 13.0.4 to 13.0.5
Updated by Peter Štrunc about 1 year ago
- Status changed from New to In Progress
- % Done changed from 0 to 10
I am having issues replicating this. Following the mentioned steps does not produce the error on my machine and neither dos it in tests. I will need to dig a bit deeper here.
Updated by Alena Peterová about 1 year ago
- Subject changed from Bulk action Stop managing accounts (without removing the assigning role) leaves a broken AccIdentityAccount, following provisionings fail to Bulk action Stop managing accounts (without removing the assigning role) on systems with account protection leaves a broken AccIdentityAccount, following provisionings fail
- Description updated (diff)
I found out that the issue occurs only when the account protection is enabled - please try it.
Updated by Peter Štrunc about 1 year ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Peter Štrunc to Jan Potočiar
- % Done changed from 10 to 80
I was able to replicate the issue with protected account. Fixed here https://github.com/bcvsolutions/CzechIdMng/pull/388
@potociarj could you check it out?
Updated by Peter Štrunc about 1 year ago
- Sprint changed from Sprint 13.1-5 (Apr 19 - May 03) to Sprint 13.0.5 - 1 (May 03 - May 17)
Updated by Ondřej Kopr 11 months ago
- Status changed from Needs feedback to Resolved
- Assignee changed from Ondřej Kopr to Peter Štrunc
- % Done changed from 80 to 100
Thanks for your fix.
After your changes Im not able to reproduce the issue. AccIdentityAccount is now correctly removed and original account is not in protection.