Actions
Defect #3338
closed
Bulk action Stop managing accounts (without removing the assigning role) on systems with account protection leaves a broken AccIdentityAccount, following provisionings fail
Start date:
04/18/2023
Due date:
% Done:
100%
Estimated time:
Affected versions:
Owner:
Description
Tested on 13.0.3
Steps to reproduce:- enable account protection on a system
- a user has a role, which assigns an account (here, the role is "PostgreSQL system tpersonidm2-users" and the system "PostgreSQL system tpersonidm2")
- run bulk action "Stop managing accounts" on this account
- the AccAccount is removed, but the AccIdentityAccount is not completely removed and still contains links to this object. It is not visible in the "Links to accounts" anymore, but you can see the audit:
- if you try to resave the identity, or run bulk action Recalculate accounts, you get the following error and provisioning doesn't work
org.springframework.orm.jpa.JpaObjectRetrievalFailureException: Unable to find eu.bcvsolutions.idm.acc.entity.AccAccount with id 332c8eff-15bd-4da1-b06a-a9fe1a8170f0; nested exception is javax.persistence.EntityNotFoundException: Unable to find eu.bcvsolutions.idm.acc.entity.AccAccount with id 332c8eff-15bd-4da1-b06a-a9fe1a8170f0 ....
My use-case was to stop managing the account without deleting it on the target system. That means I can't remove the role first. I wanted to stop manage the account and remove the role afterwards.
Files
Actions