Task #552

closed

Do provisioning after every role (de)assignment

Added by Jan Helbich almost 7 years ago. Updated almost 7 years ago.

Status: Closed
Priority: Normal
Assignee: Jan Helbich
Category: Provisioning
Target version:
Start date: 06/28/2017
Due date:
% Done: 100%
Estimated time:
Owner:

Description

Currently, if an added role does not assign a new system, provisioning is not executed.

Also, provisioning when a role is removed is executed with priority -1000, therefore it is executed before the IdmIdentityRole relation is deleted.
This produces unwanted results in some cases; for example, if I map provisioning of all role names into a system and a role is deleted, the deleted role is also sent into the system.

Actions #1

Updated by Jan Helbich almost 7 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Jan Helbich to Vít Švanda

I've disabled the optional provisioning after role assignment, commit 0ef62ae83b56ce4c4efd9d70d08fdd02b30ab8a0.

For role removal, I've divided the original provisioning processor into two:
  • first processor IdentityRoleDeleteAccountProcessor deletes acc_account mapping before role delete (-1000)
  • second processor invokes provisioning after role save, IdentityRoleDeleteAccountProcessor - priority (1000)
    commit 7dce18c9a25d2af179962fab1a6256840c4a09b8
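
The ordering problem from the description, and the effect of moving provisioning to priority 1000, as an added illustration that is not part of the ticket or the project's code. It is a simplified Java model: the processor chain, the core delete at priority 0 and the role names are assumptions.

```java
import java.util.*;
import java.util.function.Consumer;

// Simplified model, not the project's code: processors for one "role removed"
// event run in ascending order of priority. The core delete is assumed to sit at 0.
public class RoleRemovalOrder {

    // Roles assigned to one identity (stands in for the IdmIdentityRole relation)
    // plus a record of what provisioning pushed to the target system.
    static final class State {
        final Set<String> assigned = new TreeSet<>(Arrays.asList("admin", "auditor")); // constructed sample
        final List<String> sentToSystem = new ArrayList<>();
    }

    static final class Processor {
        final int priority;
        final Consumer<State> action;
        Processor(int priority, Consumer<State> action) {
            this.priority = priority;
            this.action = action;
        }
    }

    // Runs the chain in priority order and returns what provisioning sent out.
    static List<String> run(String removedRole, int provisioningPriority) {
        State state = new State();
        List<Processor> chain = new ArrayList<>();
        // Core processor: removes the identity-role relation.
        chain.add(new Processor(0, s -> s.assigned.remove(removedRole)));
        // Provisioning: maps all currently assigned role names into the system.
        chain.add(new Processor(provisioningPriority, s -> s.sentToSystem.addAll(s.assigned)));
        chain.sort(Comparator.comparingInt(p -> p.priority));
        for (Processor p : chain) {
            p.action.accept(state);
        }
        return state.sentToSystem;
    }

    public static void main(String[] args) {
        // Provisioning before the delete still sees the role being removed.
        System.out.println("provisioning at -1000: " + run("admin", -1000));
        // Provisioning after the delete sends only the roles that remain.
        System.out.println("provisioning at  1000: " + run("admin", 1000));
    }
}
```
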
Actions #2

Updated by Vít Švanda almost 7 years ago

  • Status changed from Needs feedback to Resolved
  • Assignee changed from Vít Švanda to Jan Helbich
  • % Done changed from 0 to 100

I did the review. I agree with this behavior. I slightly improved the description of the processor.

Actions #3

Updated by Radek Tomiška almost 7 years ago

  • Status changed from Resolved to Closed